issues
search
w3c
/
trusted-types
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
https://w3c.github.io/trusted-types/dist/spec/
Other
600
stars
70
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
WPTs for pre-navigation check of form-submission should be added
#549
mbrodesser-Igalia
opened
3 days ago
1
"pre-navigation check" uses "request’s clients's global object" which is null
#548
mbrodesser-Igalia
opened
1 week ago
1
Add WPT for "create navigation params by fetching" step 19.3
#547
mbrodesser-Igalia
closed
1 week ago
4
Update LICENSE.md
#546
Johnbad2000
closed
1 week ago
1
Export the two CSP directives
#545
lukewarlow
opened
2 weeks ago
1
Remove CSP dynamic code compilation block
#544
lukewarlow
closed
2 weeks ago
0
https://html.spec.whatwg.org/#dom-range-createcontextualfragment should pass "'script'"
#543
mbrodesser-Igalia
opened
3 weeks ago
0
"Get Trusted Type compliant string" is called with "script" instead of "'script'"
#542
mbrodesser-Igalia
opened
1 month ago
1
"stringifying" in "Process value with a default policy" needs to be defined
#541
mbrodesser-Igalia
opened
1 month ago
1
How can policyValue be 'undefined'?
#540
smaug----
opened
1 month ago
2
Strip "function anonymous" prefixes from Function samples
#539
lukewarlow
closed
2 weeks ago
0
Export the 'require-trusted-types-for' dfn
#538
robbiemc
opened
2 months ago
0
Does the DOM spec really need to special case script elements for replaceChildren etc.
#537
lukewarlow
opened
2 months ago
3
Should the default policy be invoked when trusted types are not required?
#536
mbrodesser-Igalia
opened
2 months ago
4
Should the APIs for creating a TrustedScript etc return a frozen object?
#535
lukewarlow
opened
2 months ago
1
Should "Get Trusted Type compliant string" check `isHTML`/`isScript`/`isScriptURL`?
#534
mbrodesser-Igalia
opened
2 months ago
0
Change Script Enforcement Mechanism to use flags
#533
lukewarlow
opened
2 months ago
3
Is "code updating a script before it finishes parsing" within the threat model of Trusted Types?
#532
lukewarlow
closed
2 months ago
4
Should the `trusted-types` CSP directive support the `report-sample` keyword?
#531
mbrodesser-Igalia
closed
3 months ago
7
Add WPT that `createPolicy` which violates the `trusted-types` CSP directive fires a violation event for Windows (not Workers)
#530
mbrodesser-Igalia
opened
3 months ago
0
Update `<wpt>` block
#529
lukewarlow
closed
3 months ago
0
Update TrustedTypePolicyOptions usages to use map syntax.
#528
lukewarlow
closed
2 months ago
0
Handle null policyValue in Create a Trusted Type
#527
lukewarlow
closed
3 months ago
0
Add WPTs for `report-uri` with Workers
#526
mbrodesser-Igalia
opened
3 months ago
0
Script element mid-parse protection mechanism
#525
lukewarlow
opened
3 months ago
10
Add script protection mechanisms to SVGScriptElement
#524
lukewarlow
closed
2 months ago
3
Remove HostEnsureCanCompileStrings and HostGetCodeForEval
#523
lukewarlow
closed
3 months ago
0
Remove timer integration block
#522
lukewarlow
closed
3 months ago
0
getPropertyType and SVGScriptElement href baseVal property
#521
lukewarlow
opened
3 months ago
2
Finalise spec mechanism for event handlers
#520
lukewarlow
opened
3 months ago
8
Seeking Trusted Types feedback on Array.isTemplateObject
#519
littledan
opened
4 months ago
5
Add an |includeReportOnly| boolean argument to Does sink type require trusted types?
#518
lukewarlow
opened
4 months ago
0
Should all 3 script IDL setters change the associated script text value identically
#517
lukewarlow
opened
4 months ago
11
Replace timer functions section with upstream PR link
#516
lukewarlow
closed
4 months ago
0
Remove links to merged upstream PRs
#515
lukewarlow
closed
4 months ago
0
Replace EnsureCSPDoesNotBlockStringCompilation section with link to upstream PR
#514
lukewarlow
closed
4 months ago
2
Add WPTs for CSP `sandbox allow-scripts` combined with Trusted Types
#513
mbrodesser-Igalia
opened
4 months ago
2
Should SVGScriptElement have an IDL way to set a trusted script value?
#512
lukewarlow
opened
4 months ago
2
"Create a Trusted Type Policy" should specify the TypeError messages
#511
mbrodesser-Igalia
closed
2 months ago
3
Spec / implementation mismatch with document.write/writeln
#510
lukewarlow
closed
4 months ago
8
"Should Trusted Type policy creation be blocked by Content Security Policy?" passes "directive" instead of directive's name to "Create a violation object for global, policy, and directive"
#509
mbrodesser-Igalia
opened
5 months ago
0
WPT for CSP header `trusted-types 'none' 'none'` missing
#508
mbrodesser-Igalia
closed
3 months ago
9
Script element protection model
#507
lukewarlow
opened
5 months ago
2
Link to spec PRs for in-progress upstreams
#506
lukewarlow
closed
5 months ago
0
faq.md outdated
#505
lukewarlow
closed
5 months ago
1
`createPolicy`'s permitted policy names are inconsistent with CSP's permitted policy names
#504
mbrodesser-Igalia
opened
5 months ago
5
Fix links to innerHTML property.
#503
lukewarlow
closed
5 months ago
0
Update slots
#502
lukewarlow
closed
5 months ago
2
Update spec to match latest ECMA262 proposal shape.
#501
lukewarlow
closed
5 months ago
0
`execCommand` spec won't work
#500
lukewarlow
closed
4 months ago
7
Next