Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trusted types attributes #1268
base: main
Are you sure you want to change the base?
Trusted types attributes #1268
Changes from 1 commit
184fbb3
ebae0ea
3dc6eba
f88ea29
966291f
065ee2e
19e8f54
964b8cd
8db6d26
271a670
2427ef4
b5de89b
cd0415b
d2adea4
99ae585
f76755c
e5be35d
982ef71
f584e23
9b74d93
d836a23
b0ecd77
d6b3b5a
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, so doing the verification may run scripts. And that means oldAttr might not be anymore in the element it used to be. Could that cause issues? Could the value be validated first for certain kind of element but then used on some other kind of element?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The default policy doesn't provide context about which element an attribute is set on only the name of the attribute. In this case this algorithm is triggered by APIs such as setAttributeNode or setNamedItem.
So I don't think there's anything that can happen here that's too bad. Also any mechanism you use inside of the default policy will itself trigger the default policy so it should be fine?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This algorithm covers setAttributeNS