Closed mikesamuel closed 3 years ago
@gibson042 @bathos @jridgewell
I put together an example.
I've done some other work on tag functions that mark their output as trusted based on assumptions about the provenance of tag template inputs include:
Those are based on the outcome of the "Node Security Roadmap" discussion of Structured Strings
The comment-walkthrough is great imo.
Fix #12
This does not meet @gibson042's requirement:
but as explained on the issue, I think that's the wrong standard.
If we can assume some mechanism to solve provisioning, getting a sensitiveOperation to a tag function without providing it to all the tag function's potential callers, then an unbypassable isTemplateObject check can provide value.
Trusted Types has provisioning machinery, so the example uses that.