w3c trusted-types issues

w3c / trusted-types

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

https://w3c.github.io/trusted-types/dist/spec/

Other

584 stars 68 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Add WPTs for `report-uri` with Workers

#526 mbrodesser-Igalia opened 21 hours ago
0
Script element mid-parse protection mechanism

#525 lukewarlow opened 5 days ago
1
Add script protection mechanisms to SVGScriptElement

#524 lukewarlow opened 5 days ago
3
Remove HostEnsureCanCompileStrings and HostGetCodeForEval

#523 lukewarlow closed 3 hours ago
0
Remove timer integration block

#522 lukewarlow closed 5 days ago
0
getPropertyType and SVGScriptElement href baseVal property

#521 lukewarlow opened 5 days ago
0
Finalise spec mechanism for event handlers

#520 lukewarlow opened 5 days ago
0
Seeking Trusted Types feedback on Array.isTemplateObject

#519 littledan opened 2 weeks ago
5
Add an |includeReportOnly| boolean argument to Does sink type require trusted types?

#518 lukewarlow opened 2 weeks ago
0
Should all 3 script IDL setters change the associated script text value identically

#517 lukewarlow opened 4 weeks ago
10
Replace timer functions section with upstream PR link

#516 lukewarlow closed 1 month ago
0
Remove links to merged upstream PRs

#515 lukewarlow closed 1 month ago
0
Replace EnsureCSPDoesNotBlockStringCompilation section with link to upstream PR

#514 lukewarlow closed 1 month ago
2
Add WPTs for CSP `sandbox allow-scripts` combined with Trusted Types

#513 mbrodesser-Igalia opened 1 month ago
2
Should SVGScriptElement have an IDL way to set a trusted script value?

#512 lukewarlow opened 1 month ago
2
"Create a Trusted Type Policy" should specify the TypeError messages

#511 mbrodesser-Igalia opened 1 month ago
3
Spec / implementation mismatch with document.write/writeln

#510 lukewarlow closed 2 weeks ago
8
"Should Trusted Type policy creation be blocked by Content Security Policy?" passes "directive" instead of directive's name to "Create a violation object for global, policy, and directive"

#509 mbrodesser-Igalia opened 1 month ago
0
WPT for CSP header `trusted-types 'none' 'none'` missing

#508 mbrodesser-Igalia closed 5 days ago
9
Script element protection model

#507 lukewarlow opened 1 month ago
2
Link to spec PRs for in-progress upstreams

#506 lukewarlow closed 1 month ago
0
faq.md outdated

#505 lukewarlow closed 2 months ago
1
`createPolicy`'s permitted policy names are inconsistent with CSP's permitted policy names

#504 mbrodesser-Igalia opened 2 months ago
5
Fix links to innerHTML property.

#503 lukewarlow closed 2 months ago
0
Update slots

#502 lukewarlow closed 2 months ago
2
Update spec to match latest ECMA262 proposal shape.

#501 lukewarlow closed 2 months ago
0
`execCommand` spec won't work

#500 lukewarlow closed 1 month ago
7
Update HTML Parser steps for script element to set "script text"

#499 lukewarlow closed 5 days ago
0
Remove StringContext attribute

#498 lukewarlow closed 5 days ago
0
Fix type issue between get tt compliant string and validate string in context

#497 lukewarlow closed 2 months ago
1
Check variable naming inside of getAttributeType and getPropertyType methods

#496 lukewarlow opened 2 months ago
0
Remove outdated event handler section

#495 lukewarlow closed 2 months ago
0
Improve test coverage of sink values

#494 lukewarlow opened 2 months ago
1
Make sink an argument to get tt compliant attribute value

#493 lukewarlow closed 2 months ago
1
Get trusted type compliant attribute value sink

#492 lukewarlow closed 1 month ago
1
CSP sample for eval and Function

#491 lukewarlow opened 2 months ago
4
Add missing HostEnsureCanCompileStrings monkeypatch

#490 lukewarlow closed 2 months ago
0
Remove changes upstreamed to DOM Parsing

#489 lukewarlow closed 2 months ago
0
"Validate the string in context" takes any value and calls "Get Trusted Type compliant string" which requires a TrustedType or a string

#488 mbrodesser-Igalia closed 1 month ago
12
Remove changes upstreamed to SVG

#487 lukewarlow closed 2 months ago
0
Remove enforcement from embed and object elements

#486 lukewarlow closed 2 months ago
5
Remove IDL changes upstreamed to HTML

#485 lukewarlow closed 2 months ago
0
Update IDL for script enforcement

#484 lukewarlow closed 1 month ago
8
New `script text` associated data and associated mechanisms need adding to SVGScriptElement

#483 lukewarlow opened 3 months ago
0
Callback IDL types

#482 lukewarlow opened 3 months ago
1
Update handling of timer functions

#481 lukewarlow closed 2 months ago
2
HTML timers as specced won't work

#480 lukewarlow closed 2 months ago
2
Add export attr to [[Data]] slot dfns

#479 lukewarlow closed 3 months ago
0
Add dfn for [[Data]] internal slot

#478 lukewarlow closed 3 months ago
0
Correct the location of some IDL

#477 lukewarlow closed 3 months ago
0