w3c / trusted-types

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
https://w3c.github.io/trusted-types/dist/spec/

Check variable naming inside of getAttributeType and getPropertyType methods #496

Open lukewarlow opened 7 months ago

lukewarlow commented 7 months ago

See https://github.com/WebKit/WebKit/pull/26552#issuecomment-2025243333 for context, but TL;DR: make sure these two functions have parameters and variables named coherently.

fred-wang commented 2 weeks ago

So IIUC, the problem is the confusion with Element.tagName, which returns the uppercased qualified name. So the suggestion is to rename the tagName parameter to use localName instead?

fred-wang commented 1 week ago

cc @smaug----

So another source of confusion is the "attribute" argument from getAttributeType().

Comparing with [createAttribute](https://dom.spec.whatwg.org/#dom-document-createattribute) and createAttributeNS, it could better be renamed "local name" or "qualified name".

Besides lowercasing (see #424 for a proposal to remove that), the argument is passed as is to Get Trusted Type data for attribute, which treats it as a "local name", so that seems to be what this attribute really is.