In code asset reference declarations seem trustable

tc39 / proposal-dynamic-import-host-adjustment

TC39 proposal that affects doesn't stringify argument to import(...) early to enable interop with WICG/trusted-types

MIT License

18 stars 3 forks source link

In code asset reference declarations seem trustable #4

Open mikesamuel opened 4 years ago

mikesamuel commented 4 years ago

When an asset reference statically includes a module reference, it seems we should privilege that to the same degree we privilege static import.

There's no reason to treat the "foo"s differently in

asset Foo from "foo";

import from "foo";

Perhaps TT could specify a host hook HostStaticAssetReference that, in a browser context, uses the realm's TrustedTypesPolicyFactory to bless "foo".

@bmeck

bmeck commented 4 years ago

This needs likely also needs to cover what happens if asset references are dynamically created. If hosts are the only means to bless [[CodeLike]]s asset references and other proposals need to have some invariant they can follow about what they need to do to integrate with hosts.

mikesamuel commented 4 years ago

Filed w3c/webappsec-trusted-types/issues/247 to track dynamic asset references.