diff --git a/source b/source index a0bb77d2094..4bfd12055a5 100644 --- a/source +++ b/source @@ -3220,6 +3220,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • The change, append, remove, replace, get an attribute by namespace and local name, set value, and remove an attribute by namespace and local name algorithms for attributes
  • The attribute change steps hook for attributes
  • The value concept for attributes
  • +
  • The local name concept for attributes
  • The attribute list concept
  • The data of a CharacterData node and its replace data algorithm
  • @@ -4609,11 +4610,10 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute TRUSTED-TYPES

    @@ -10672,7 +10672,7 @@ typedef (HTMLScriptElement or SVGScriptElement) LegacyOverrideBuiltIns] partial interface Document { - static Document parseHTMLUnsafe(HTMLString html); + static Document parseHTMLUnsafe((TrustedHTML or DOMString) html); // resource metadata management [PutForwards=href, LegacyUnforgeable] readonly attribute Location? location; @@ -33081,7 +33081,7 @@ interface HTMLIFrameElement : HTMLElement { [HTMLConstructor] constructor(); [CEReactions] attribute USVString src; - [CEReactions] attribute HTMLString srcdoc; + [CEReactions] attribute (TrustedHTML or DOMString) srcdoc; [CEReactions] attribute DOMString name; [SameObject, PutForwards=value] readonly attribute DOMTokenList sandbox; [CEReactions] attribute DOMString allow; @@ -33859,11 +33859,41 @@ interface HTMLIFrameElement : HTMLElement {

    The IDL attributes src, srcdoc, name, sandbox, and allow must reflect the respective content - attributes of the same name.

    + data-x="dom-iframe-sandbox">sandbox
    , and allow must + reflect the respective content attributes of the same name.

    + +

    The srcdoc getter steps are:

    + +
      +
    1. Let attribute be the result of running get an attribute by namespace and local + name given null, srcdoc's local name, and this.

    2. + +
    3. If attribute is null, then return the empty string.

    4. + +
    5. Return attribute's value.

    6. +
    + +

    The srcdoc setter steps + are:

    + +
      +
    1. Let compliantString to the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, the given value, "HTMLIFrameElement srcdoc", and "script".

    2. + +
    3. Set an attribute value given + this, srcdoc's local name, and + compliantString.

    4. +

    The supported tokens for sandbox's DOMTokenList are the allowed @@ -112543,7 +112573,7 @@ document.body.appendChild(frame)

    The document.write(...text) method steps are - to run the document write steps with this, text, false and + to run the document write steps with this, text, false, and "Document write".

    @@ -112574,7 +112604,7 @@ document.body.appendChild(frame)

    The document.writeln(...text) method steps are - to run the document write steps with this, text, true and + to run the document write steps with this, text, true, and "Document writeln".

    @@ -112583,19 +112613,19 @@ document.body.appendChild(frame)

    DOM parsing and serialization APIs

    partial interface Element {
    -  [CEReactions] undefined setHTMLUnsafe(HTMLString html);
    +  [CEReactions] undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
       DOMString getHTML(optional GetHTMLOptions options = {});
     
    -  [CEReactions] attribute [LegacyNullToEmptyString] HTMLString innerHTML;
    -  [CEReactions] attribute [LegacyNullToEmptyString] HTMLString outerHTML;
    -  [CEReactions] undefined insertAdjacentHTML(DOMString position, HTMLString string);
    +  [CEReactions] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
    +  [CEReactions] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) outerHTML;
    +  [CEReactions] undefined insertAdjacentHTML(DOMString position, (TrustedHTML or DOMString) string);
     };
     
     partial interface ShadowRoot {
    -  [CEReactions] undefined setHTMLUnsafe(HTMLString html);
    +  [CEReactions] undefined setHTMLUnsafe((TrustedHTML or DOMString) html);
       DOMString getHTML(optional GetHTMLOptions options = {});
     
    -  [CEReactions] attribute [LegacyNullToEmptyString] HTMLString innerHTML;
    +  [CEReactions] attribute (TrustedHTML or [LegacyNullToEmptyString] DOMString) innerHTML;
     };
     
     dictionary GetHTMLOptions {
    @@ -112646,7 +112676,7 @@ dictionary GetHTMLOptions {
     interface DOMParser {
       constructor();
     
    -  [NewObject] Document parseFromString(HTMLString string, DOMParserSupportedType type);
    +  [NewObject] Document parseFromString((TrustedHTML or DOMString) string, DOMParserSupportedType type);
     };
     
     enum DOMParserSupportedType {
    @@ -112667,6 +112697,12 @@ enum DOMParserSupportedType {
       type) method steps are:

      +
    1. Let compliantString to the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, string, "DOMParser parseFromString", and "script".

    2. +
    3. Let document be a new Document, whose content type is type and DOMParserSupportedType {

      The document's encoding will be left as its default, of UTF-8. In particular, any XML declarations or - meta elements found while parsing string will have no effect.

      + meta elements found while parsing compliantString will have no effect.
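
Review bot: Step 1 of the parseFromString steps reads "Let compliantString to the result of invoking the Get Trusted Type compliant string algorithm"; that should be "Let compliantString be the result of ...", as in the Element innerHTML and Element setHTMLUnsafe steps later in this patch. The HTMLIFrameElement srcdoc setter steps added earlier in the patch carry the same "Let compliantString to" wording and need the same fix.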

    4. @@ -112692,7 +112728,7 @@ enum DOMParserSupportedType {
      1. Parse HTML from a string given document and - string.

      2. + compliantString.

      Since document does not have a DOMParserSupportedType {

    5. Create an XML parser parse, associated with document, and with XML scripting support disabled.

    6. -
    7. Parse string using parser.

      +
    8. Parse compliantString using parser.

    9. If the previous step resulted in an XML well-formedness or XML namespace well-formedness @@ -112803,17 +112839,33 @@ enum DOMParserSupportedType { are:

        +
      1. Let compliantHTML be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, html, "Element setHTMLUnsafe", and "script".

      2. +
      3. Let target be this's template contents if this is a template element; otherwise this.

      4. Unsafely set HTML given target, this, and - html.

      5. + compliantHTML.

      ShadowRoot's setHTMLUnsafe(html) method steps - are to unsafely set HTML given this, this's shadow host, and html.

      + are:

      + +
        +
      1. Let compliantHTML be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, html, "ShadowRoot setHTMLUnsafe", and "script".

      2. + +
      3. Unsafely set HTML given this, this's shadow host, and compliantHTML.

      4. +

      To unsafely set HTML, given an Element or DocumentFragment target, an Element contextElement, and a string @@ -112839,6 +112891,12 @@ enum DOMParserSupportedType { data-x="dom-parseHTMLUnsafe">parseHTMLUnsafe(html) method steps are:

        +
      1. Let compliantHTML to the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, html, "Document parseHTMLUnsafe", and "script".

      2. +
      3. Let document be a new Document, whose content type is "DOMParserSupportedType { true.

      4. Parse HTML from a string given document and - html.

      5. + compliantHTML.

      6. Return document.
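
Review bot: Step 1 of the parseHTMLUnsafe steps says "Let compliantHTML to the result of invoking ..."; change "to" to "be" so it matches the two setHTMLUnsafe step lists, which already read "Let compliantHTML be the result of invoking ...".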

      @@ -112995,10 +113053,16 @@ enum DOMParserSupportedType { are:

        +
      1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, the given value, "Element innerHTML", and "script".

      2. +
      3. Let context be this.

      4. Let fragment be the result of invoking the fragment parsing algorithm - steps with context and the given value.

      5. + steps with context and compliantString.

      6. If context is a template element, then set context to @@ -113018,11 +113082,17 @@ enum DOMParserSupportedType { steps are:

          +
        1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, the given value, "ShadowRoot innerHTML", and "script".

        2. +
        3. Let context be this's host.

        4. Let fragment be the result of invoking the fragment parsing algorithm - steps with context and the given value.

        5. + steps with context and compliantString.

        6. Replace all with fragment within this.

        7. @@ -113076,6 +113146,12 @@ enum DOMParserSupportedType { are:

            +
          1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, the given value, "Element outerHTML", and "script".

          2. +
          3. Let parent be this's parent.

          4. If parent is null, return. There would be no way to obtain a @@ -113089,7 +113165,7 @@ enum DOMParserSupportedType { node document, body, and the HTML namespace.

          5. Let fragment be the result of invoking the fragment parsing algorithm - steps given parent and the given value.

          6. + steps given parent and compliantString.

          7. Replace this with fragment within this's parent.

          8. @@ -113144,6 +113220,12 @@ enum DOMParserSupportedType { string)
            method steps are:

              +
            1. Let compliantString be the result of invoking the Get Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, string, "Element insertAdjacentHTML", and "script".

            2. +
            3. Let context be null.

            4. Use the first matching item from this list:

              @@ -113187,7 +113269,7 @@ enum DOMParserSupportedType {
            5. Let fragment be the result of invoking the fragment parsing algorithm - steps with context and string.

              + steps with context and compliantString.

            6. Use the first matching item from this list: @@ -113252,7 +113334,7 @@ enum DOMParserSupportedType { and attributes like script or event handler content attributes.

              partial interface Range {
              -  [CEReactions, NewObject] DocumentFragment createContextualFragment(HTMLString string);
              +  [CEReactions, NewObject] DocumentFragment createContextualFragment((TrustedHTML or DOMString) string);
               };
              @@ -113262,6 +113344,12 @@ enum DOMParserSupportedType { method steps are:

                +
              1. Let compliantString be the result of invoking the Get + Trusted Type compliant string algorithm with TrustedHTML, this's relevant global + object, string, and "Range + createContextualFragment".

              2. +
              3. Let node be this's start node.
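
Review bot: The new step 1 for createContextualFragment passes only four arguments to Get Trusted Type compliant string (TrustedHTML, this's relevant global object, string, and "Range createContextualFragment") and omits the sink group. Every other call added in this patch ends with a "script" argument, for example "Element insertAdjacentHTML", and "script", so this step should end with "Range createContextualFragment", and "script" as well.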

              4. @@ -113293,7 +113381,7 @@ enum DOMParserSupportedType {
              5. Let fragment node be the result of invoking the fragment parsing - algorithm steps with element and string.

              6. + algorithm steps with element and compliantString.

              7. For each script of fragment node's @@ -118393,7 +118481,7 @@ interface WorkerGlobalScope : EventTarget { readonly attribute WorkerGlobalScope self; readonly attribute WorkerLocation location; readonly attribute WorkerNavigator navigator; - undefined importScripts(ScriptURLString... urls); + undefined importScripts((TrustedScriptURL or USVString)... urls); attribute OnErrorEventHandler onerror; attribute EventHandler onlanguagechange; @@ -119248,7 +119336,7 @@ interface SharedWorkerGlobalScope : WorkerGlobalScope

                [Exposed=(Window,DedicatedWorker,SharedWorker)]
                 interface Worker : EventTarget {
                -  constructor(ScriptURLString scriptURL, optional WorkerOptions options = {});
                +  constructor((TrustedScriptURL or USVString) scriptURL, optional WorkerOptions options = {});
                 
                   undefined terminate();
                 
                @@ -119346,11 +119434,17 @@ enum WorkerType { "classic", "module" };
                   steps:

                  +
                1. Let compliantScriptURL be the result of invoking the Get Trusted Type compliant string algorithm with TrustedScriptURL, this's relevant global + object, scriptURL, "Worker constructor", and "script".

                2. +
                3. Let outside settings be the current settings object.

                4. Let worker URL be the result of encoding-parsing a URL given - scriptURL, relative to outside settings.

                  + compliantScriptURL, relative to outside settings.

                  Any same-origin URL (including blob: URLs) can be used. data: @@ -119387,7 +119481,7 @@ enum WorkerType { "classic", "module" };

                  [Exposed=Window]
                   interface SharedWorker : EventTarget {
                  -  constructor(ScriptURLString scriptURL, optional (DOMString or WorkerOptions) options = {});
                  +  constructor((TrustedScriptURL or USVString) scriptURL, optional (DOMString or WorkerOptions) options = {});
                   
                     readonly attribute MessagePort port;
                   };
                  @@ -119436,6 +119530,12 @@ interface SharedWorker : EventTarget {
                     constructor is invoked:

                    +
                  1. Let compliantScriptURL be the result of invoking the Get Trusted Type compliant string algorithm with TrustedScriptURL, this's relevant global + object, scriptURL, "SharedWorker constructor", and + "script".

                  2. +
                  3. If options is a DOMString, set options to a new WorkerOptions dictionary whose name member is set to the value of options and whose other members @@ -119445,7 +119545,7 @@ interface SharedWorker : EventTarget {

                  4. Let urlRecord be the result of encoding-parsing a URL given - scriptURL, relative to outside settings.

                    + compliantScriptURL, relative to outside settings.

                    Any same-origin URL (including blob: URLs) can be used. data: @@ -119629,8 +119729,26 @@ interface SharedWorker : EventTarget {

                    The importScripts(...urls) - method steps are to import scripts into worker global scope given this - and urls.

                    + method steps are:

                    + +
                      +
                    1. Let urlStrings be « ».

                    2. + +
                    3. +

                      For each url of urls:

                      + +
                        +
                      1. Append the result of invoking the Get Trusted Type compliant string algorithm with TrustedScriptURL, this's relevant + global object, url, "Worker importScripts", and "script" to urlStrings.

                      2. +
                      +
                    4. + +
                    5. Import scripts into worker global scope given this and + urlStrings.

                    6. +

                    To import scripts into worker global scope, given a WorkerGlobalScope object worker global scope, a list of
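
Review bot: The sink name in the inner "For each url of urls" step is "Worker importScripts", but importScripts is declared on WorkerGlobalScope in the IDL changed earlier in this patch, and the other sink strings name the interface that owns the member ("Element innerHTML", "DOMParser parseFromString", "Document parseHTMLUnsafe"). Suggest "WorkerGlobalScope importScripts" so the sink name matches the interface and cannot be confused with the "Worker constructor" sink.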