Open mikesamuel opened 4 years ago
This needs likely also needs to cover what happens if asset references are dynamically created. If hosts are the only means to bless [[CodeLike]]
s asset references and other proposals need to have some invariant they can follow about what they need to do to integrate with hosts.
Filed w3c/webappsec-trusted-types/issues/247 to track dynamic asset references.
When an asset reference statically includes a module reference, it seems we should privilege that to the same degree we privilege static import.
There's no reason to treat the
"foo"
s differently inPerhaps TT could specify a host hook HostStaticAssetReference that, in a browser context, uses the realm's TrustedTypesPolicyFactory to bless
"foo"
.@bmeck