Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trusted types attributes #1268

Open
wants to merge 23 commits into
base: main
Choose a base branch
from
Open
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
184fbb3
Draft integration with Trusted Types, take 2.
koto Jan 23, 2024
ebae0ea
Added integration in 'set an attribute value'.
koto Jan 24, 2024
3dc6eba
Removed stringification.
koto Jan 24, 2024
f88ea29
Fixed formatting.
koto Jan 25, 2024
966291f
Fixed copy-paste error in setAttribute() and indentation.
koto Jan 25, 2024
065ee2e
Fix build
lukewarlow Mar 28, 2024
19e8f54
Change code to pass sink values through to TT code.
lukewarlow Mar 28, 2024
964b8cd
Move validate and set attribute into append an attribute
lukewarlow Apr 10, 2024
8db6d26
Remove sink values from spec
lukewarlow Apr 11, 2024
271a670
Revert changes to setAttributeNode and setAttributeNodeNS method steps
lukewarlow Apr 22, 2024
2427ef4
Remove throw from set an attribute and move TT check down to replace …
lukewarlow Apr 22, 2024
b5de89b
Revert unneeded changes
lukewarlow Apr 22, 2024
cd0415b
Address comment
lukewarlow Apr 22, 2024
d2adea4
Add missing and
lukewarlow Apr 22, 2024
99ae585
Address some comments
lukewarlow May 7, 2024
f76755c
Re-add early return
lukewarlow May 7, 2024
e5be35d
Change dfn to use given rather than with
lukewarlow May 7, 2024
982ef71
Update how the enforcement is done
lukewarlow May 16, 2024
f584e23
Add tentative enforcement for toggleAttribute
lukewarlow May 16, 2024
9b74d93
Update enforcement for toggleAttribute to match behaviour observed in…
lukewarlow May 16, 2024
d836a23
Revert "Update enforcement for toggleAttribute to match behaviour obs…
lukewarlow Jun 11, 2024
b0ecd77
Revert "Add tentative enforcement for toggleAttribute"
lukewarlow Jun 11, 2024
d6b3b5a
Reintroduce infrastructure changes
lukewarlow Jun 13, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fixed formatting.
  • Loading branch information
koto authored and lukewarlow committed Aug 13, 2024
commit f88ea294bf90f4b376e7a960089c45a7fddad152
56 changes: 35 additions & 21 deletions dom.bs
Original file line number Diff line number Diff line change
@@ -6458,7 +6458,8 @@ given a <var>document</var>, <var>localName</var>, <var>namespace</var>, and opt
<ol>
<li><p>Let <var>oldValue</var> be <var>attribute</var>'s <a for=Attr>value</a>.</p></li>

<li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var>, with <var>attribute</var>'s <a for=Attr>element</a>.
<li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var>, with
<var>attribute</var>'s <a for=Attr>element</a>.

<li><p><a>Handle attribute changes</a> for <var>attribute</var> with <var>attribute</var>'s
<a for=Attr>element</a>, <var>oldValue</var>, and <var>value</var>.
@@ -6510,13 +6511,17 @@ steps:
<a for=Attr>value</a>.
</ol>

<p>To <dfn id=concept-element-attributes-validate-and-set-value>validate and set attribute value</dfn> <var>value</var> for an <a>attribute</a> <var>attribute</var>, with <a>element</a> <var>element</var>, run these steps:
<p>To <dfn id=concept-element-attributes-validate-and-set-value>validate and set attribute value</dfn>
<var>value</var> for an <a>attribute</a> <var>attribute</var>, with <a for=/>element</a>
<var>element</var>, run these steps:

<ol>
<li><p>Let <var>validValue</var> be the result of calling
lukewarlow marked this conversation as resolved.
Show resolved Hide resolved
<a>Get Trusted Types-compliant attribute value</a> for <var>attribute</var>, with
<var>element</var> and <var>value</var>. [[!TRUSTED-TYPES]]

<ol>
<li><p>Let <var>validValue</var> be the result of calling <a>Get Trusted Types-compliant attribute value</a>
for <var>attribute</var>, with <var>element</var> and <var>value</var>.[[!TRUSTED-TYPES]]
<li><p>Set <var>attribute</var>'s <a for=Attr>value</a> to <var>validValue</var>.
</ol>
</ol>

<hr>

@@ -6580,7 +6585,8 @@ string <var>namespace</var> (default null):</p>

<li><p>If <var>oldAttr</var> is <var>attr</var>, return <var>attr</var>.
lukewarlow marked this conversation as resolved.
Show resolved Hide resolved

<li><p><a>Validate and set attribute value</a> <var>newAttr</var>'s <a for="Attr">value</a> for <var>newAttr</var> with <var>element</var>.
<li><p><a>Validate and set attribute value</a> <var>newAttr</var>'s <a for="Attr">value</a> for
<var>newAttr</var> with <var>element</var>.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, so doing the verification may run scripts. And that means oldAttr might not be anymore in the element it used to be. Could that cause issues? Could the value be validated first for certain kind of element but then used on some other kind of element?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The default policy doesn't provide context about which element an attribute is set on only the name of the attribute. In this case this algorithm is triggered by APIs such as setAttributeNode or setNamedItem.

So I don't think there's anything that can happen here that's too bad. Also any mechanism you use inside of the default policy will itself trigger the default policy so it should be fine?

<li><p>If <var>oldAttr</var> is non-null, then <a lt="replace an attribute">replace</a>
<var>oldAttr</var> with <var>attr</var>.
@@ -6593,9 +6599,9 @@ string <var>namespace</var> (default null):</p>

<div algorithm>
<p>To <dfn export id=concept-element-attributes-set-value>set an attribute value</dfn> given an
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This algorithm covers setAttributeNS

<a for=/>element</a> <var>element</var>, a string <var>localName</var>, a string or <a>TrustedType</a> <var>value</var>,
an optional null or string <var>prefix</var> (default null), and an optional null or string
<var>namespace</var> (default null):
<a for=/>element</a> <var>element</var>, a string <var>localName</var>, a string or {{TrustedType}}
<var>value</var>, an optional null or string <var>prefix</var> (default null), and an optional null
or string <var>namespace</var> (default null):

<ol>
<li>Let <var>attribute</var> be the result of
@@ -6612,12 +6618,14 @@ an optional null or string <var>prefix</var> (default null), and an optional nul
<ol>
<li><p>Set <var>attribute</var> to a new <a>attribute</a> whose <a for=Attr>namespace</a> is
<var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>,
<a for=Attr>local name</a> is <var>localName</var> and
<a for=Node>node document</a> is <var>element</var>'s <a for=Node>node document</a>.
<a for=Attr>local name</a> is <var>localName</var> and <a for=Node>node document</a> is
<var>element</var>'s <a for=Node>node document</a>.

<li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var> with
<var>element</var>.

<li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var> with <var>element</var>.
<li><p><a lt="append an attribute">Append</a> <var>attribute</var> to <var>element</var>.

<li><p><a lt="append an attribute">Append</a> <var>attribute</var> to <var>element</var>
<li><p>Return.
</ol>

@@ -6883,13 +6891,19 @@ method steps are:
<!-- This is step 2 of "get an attribute by name", modified as appropriate -->

<li><p>If <var>attribute</var> is null, then:
<ol>
<li><p>Set <var>attribute</var> to a new <a>attribute</a> whose
<a for=Attr>local name</a> is <var>qualifiedName</var> and <a for=Node>node document</a> is <a>this</a>'s <a for=Node>node document</a>.
<li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var>, with <a>this</a>.
<li><a lt="append an attribute">Append</a> <var>attribute</var> to <a>this</a>.
<li><p>Return.
</ol>

<ol>
<li><p>Set <var>attribute</var> to a new <a>attribute</a> whose <a for=Attr>local name</a> is
<var>qualifiedName</var> and <a for=Node>node document</a> is <a>this</a>'s
<a for=Node>node document</a>.

<li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var>,
with <a>this</a>.

<li><p><a lt="append an attribute">Append</a> <var>attribute</var> to <a>this</a>.

<li><p>Return.
</ol>

<li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>.
</ol>