issues
search
w3c
/
trusted-types
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
https://w3c.github.io/trusted-types/dist/spec/
Other
584
stars
68
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Add WPTs for `report-uri` with Workers
#526
mbrodesser-Igalia
opened
21 hours ago
0
Script element mid-parse protection mechanism
#525
lukewarlow
opened
5 days ago
1
Add script protection mechanisms to SVGScriptElement
#524
lukewarlow
opened
5 days ago
3
Remove HostEnsureCanCompileStrings and HostGetCodeForEval
#523
lukewarlow
closed
3 hours ago
0
Remove timer integration block
#522
lukewarlow
closed
5 days ago
0
getPropertyType and SVGScriptElement href baseVal property
#521
lukewarlow
opened
5 days ago
0
Finalise spec mechanism for event handlers
#520
lukewarlow
opened
5 days ago
0
Seeking Trusted Types feedback on Array.isTemplateObject
#519
littledan
opened
2 weeks ago
5
Add an |includeReportOnly| boolean argument to Does sink type require trusted types?
#518
lukewarlow
opened
2 weeks ago
0
Should all 3 script IDL setters change the associated script text value identically
#517
lukewarlow
opened
4 weeks ago
10
Replace timer functions section with upstream PR link
#516
lukewarlow
closed
1 month ago
0
Remove links to merged upstream PRs
#515
lukewarlow
closed
1 month ago
0
Replace EnsureCSPDoesNotBlockStringCompilation section with link to upstream PR
#514
lukewarlow
closed
1 month ago
2
Add WPTs for CSP `sandbox allow-scripts` combined with Trusted Types
#513
mbrodesser-Igalia
opened
1 month ago
2
Should SVGScriptElement have an IDL way to set a trusted script value?
#512
lukewarlow
opened
1 month ago
2
"Create a Trusted Type Policy" should specify the TypeError messages
#511
mbrodesser-Igalia
opened
1 month ago
3
Spec / implementation mismatch with document.write/writeln
#510
lukewarlow
closed
2 weeks ago
8
"Should Trusted Type policy creation be blocked by Content Security Policy?" passes "directive" instead of directive's name to "Create a violation object for global, policy, and directive"
#509
mbrodesser-Igalia
opened
1 month ago
0
WPT for CSP header `trusted-types 'none' 'none'` missing
#508
mbrodesser-Igalia
closed
5 days ago
9
Script element protection model
#507
lukewarlow
opened
1 month ago
2
Link to spec PRs for in-progress upstreams
#506
lukewarlow
closed
1 month ago
0
faq.md outdated
#505
lukewarlow
closed
2 months ago
1
`createPolicy`'s permitted policy names are inconsistent with CSP's permitted policy names
#504
mbrodesser-Igalia
opened
2 months ago
5
Fix links to innerHTML property.
#503
lukewarlow
closed
2 months ago
0
Update slots
#502
lukewarlow
closed
2 months ago
2
Update spec to match latest ECMA262 proposal shape.
#501
lukewarlow
closed
2 months ago
0
`execCommand` spec won't work
#500
lukewarlow
closed
1 month ago
7
Update HTML Parser steps for script element to set "script text"
#499
lukewarlow
closed
5 days ago
0
Remove StringContext attribute
#498
lukewarlow
closed
5 days ago
0
Fix type issue between get tt compliant string and validate string in context
#497
lukewarlow
closed
2 months ago
1
Check variable naming inside of getAttributeType and getPropertyType methods
#496
lukewarlow
opened
2 months ago
0
Remove outdated event handler section
#495
lukewarlow
closed
2 months ago
0
Improve test coverage of sink values
#494
lukewarlow
opened
2 months ago
1
Make sink an argument to get tt compliant attribute value
#493
lukewarlow
closed
2 months ago
1
Get trusted type compliant attribute value sink
#492
lukewarlow
closed
1 month ago
1
CSP sample for eval and Function
#491
lukewarlow
opened
2 months ago
4
Add missing HostEnsureCanCompileStrings monkeypatch
#490
lukewarlow
closed
2 months ago
0
Remove changes upstreamed to DOM Parsing
#489
lukewarlow
closed
2 months ago
0
"Validate the string in context" takes any value and calls "Get Trusted Type compliant string" which requires a TrustedType or a string
#488
mbrodesser-Igalia
closed
1 month ago
12
Remove changes upstreamed to SVG
#487
lukewarlow
closed
2 months ago
0
Remove enforcement from embed and object elements
#486
lukewarlow
closed
2 months ago
5
Remove IDL changes upstreamed to HTML
#485
lukewarlow
closed
2 months ago
0
Update IDL for script enforcement
#484
lukewarlow
closed
1 month ago
8
New `script text` associated data and associated mechanisms need adding to SVGScriptElement
#483
lukewarlow
opened
3 months ago
0
Callback IDL types
#482
lukewarlow
opened
3 months ago
1
Update handling of timer functions
#481
lukewarlow
closed
2 months ago
2
HTML timers as specced won't work
#480
lukewarlow
closed
2 months ago
2
Add export attr to [[Data]] slot dfns
#479
lukewarlow
closed
3 months ago
0
Add dfn for [[Data]] internal slot
#478
lukewarlow
closed
3 months ago
0
Correct the location of some IDL
#477
lukewarlow
closed
3 months ago
0
Next