Open lukewarlow opened 2 months ago
Aside from the parsing concern I think the current model is simplest, though less memory efficient.
As I noted in the HTML issue there's an observable difference as well. With one of the models if you set it to the same value it will still execute, but with the other it won't.
For trusted API callers you could manipulate the contents and then set the trusted bit (possibly after verifying the contents still match the input), maybe?
This issue is to discuss the model for protecting script elements, in the spec we have a mostly finalised idea for protecting them (except during parsing which needs work).
However, it currently relies on us storing a text representation of the children of the script element. If we could instead invalidate a "trusted" boolean when APIs are called this would be better.
For the parsing support there's discussion about modifiying children changed steps to pass through the source of the change, we could use this in general to invalidate the trusted bit (which would start as true).
This might not work as we'd like however as the IDL that should allow you to update would also trigger the children changed steps as if it were an API call?