search

w3c / trusted-types

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
https://w3c.github.io/trusted-types/dist/spec/
Other
586 stars 68 forks source link

getPropertyType and SVGScriptElement href baseVal property #521

Open lukewarlow opened 2 weeks ago

lukewarlow commented 2 weeks ago

Currently getPropertyType's spec and both Chromium and WebKit's implementation has no handling of the .href.baseVal property of an SVGScriptElement, but it does require a TrustedScriptURL.

cc @koto what should we do here?