Need way to declare values as safe without using closure libraries

Polymer / polymer-resin

XSS mitigation for Polymer webcomponents that uses safe html type contracts

BSD 3-Clause "New" or "Revised" License

18 stars 5 forks source link

Need way to declare values as safe without using closure libraries #5

Closed wyattallen closed 6 years ago

wyattallen commented 6 years ago

PolyGerrit doesn't use closure libraries, but the documentation doesn't show how to declare values as safe in JS without using the goog.http.* types.

mikesamuel commented 6 years ago

without using the goog.http.* types.

s/http/html/ ?

I was planning on adding an isSafeInContext hook for

Trusted types interop
React hardening

That should allow plugging in a non-closure implementation of trusted types. Would that be sufficient for you?

wyattallen commented 6 years ago

Would that be sufficient for you?

That certainly sounds sufficient!

s/http/html/ ?

Yes, oops. :-)

mikesamuel commented 6 years ago

Closing. safeTypesBridge has landed.