issues
search
w3c
/
trusted-types
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
https://w3c.github.io/trusted-types/dist/spec/
Other
600
stars
70
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Update HTML Parser steps for script element to set "script text"
#499
lukewarlow
closed
3 months ago
0
Remove StringContext attribute
#498
lukewarlow
closed
3 months ago
0
Fix type issue between get tt compliant string and validate string in context
#497
lukewarlow
closed
5 months ago
1
Check variable naming inside of getAttributeType and getPropertyType methods
#496
lukewarlow
opened
6 months ago
0
Remove outdated event handler section
#495
lukewarlow
closed
5 months ago
0
Improve test coverage of sink values
#494
lukewarlow
opened
6 months ago
1
Make sink an argument to get tt compliant attribute value
#493
lukewarlow
closed
5 months ago
1
Get trusted type compliant attribute value sink
#492
lukewarlow
closed
5 months ago
1
CSP sample for eval and Function
#491
lukewarlow
closed
2 weeks ago
8
Add missing HostEnsureCanCompileStrings monkeypatch
#490
lukewarlow
closed
6 months ago
0
Remove changes upstreamed to DOM Parsing
#489
lukewarlow
closed
6 months ago
0
"Validate the string in context" takes any value and calls "Get Trusted Type compliant string" which requires a TrustedType or a string
#488
mbrodesser-Igalia
closed
5 months ago
12
Remove changes upstreamed to SVG
#487
lukewarlow
closed
6 months ago
0
Remove enforcement from embed and object elements
#486
lukewarlow
closed
5 months ago
5
Remove IDL changes upstreamed to HTML
#485
lukewarlow
closed
6 months ago
0
Update IDL for script enforcement
#484
lukewarlow
closed
5 months ago
8
SVGScriptElement needs TT protection too
#483
lukewarlow
opened
6 months ago
0
Callback IDL types
#482
lukewarlow
closed
2 months ago
2
Update handling of timer functions
#481
lukewarlow
closed
6 months ago
2
HTML timers as specced won't work
#480
lukewarlow
closed
6 months ago
2
Add export attr to [[Data]] slot dfns
#479
lukewarlow
closed
6 months ago
0
Add dfn for [[Data]] internal slot
#478
lukewarlow
closed
6 months ago
0
Correct the location of some IDL
#477
lukewarlow
closed
6 months ago
0
[Meta] Upstream changes
#476
lukewarlow
opened
6 months ago
2
Replace WebIDL section with a link to new PR
#475
lukewarlow
closed
6 months ago
0
Event handler enforcement section wrong
#474
lukewarlow
closed
3 months ago
1
Add new `trusted-eval` source expression to 'script-src' directive.
#473
lukewarlow
closed
4 months ago
3
Adopt Infra syntax throughout
#472
annevk
opened
6 months ago
0
Developer-centric research results about Trusted Types
#471
rothsn
opened
6 months ago
2
Create a Trusted Type Policy seems to directly set properties to callbacks
#470
annevk
closed
6 months ago
2
Stringification of TrustedHTML with `null`-data needs to be specified
#469
mbrodesser-Igalia
opened
6 months ago
21
Why is "callback **this** value set to null" required in step 5 of "Get Trusted Type policy value"?
#468
mbrodesser-Igalia
opened
6 months ago
1
Is parseFromString where the type is "application/xml" an actual risk?
#467
technion
closed
6 months ago
3
Creating a policy with policyName="" is possible, but can't be referred to by the "trusted-types" CSP directive
#466
mbrodesser-Igalia
opened
6 months ago
6
Remove default policy manipulating eval
#465
lukewarlow
closed
6 months ago
0
Update support for dynamic code compilation
#464
lukewarlow
closed
6 months ago
1
Missing test for SVG href and getAttributeType function
#463
lukewarlow
closed
6 months ago
1
Trusted Types closure to replace fallback policy
#462
lukewarlow
opened
7 months ago
6
Can we drop the default policy value changing from Eval, new Function() (and other usages of the dynamic code brand checks proposal)?
#461
lukewarlow
closed
3 months ago
16
Fix IDL of getAttributeType and getPropertyType
#460
lukewarlow
closed
5 months ago
2
Why are `policyOptions` an optional argument of `createPolicy`?
#459
mbrodesser-Igalia
closed
7 months ago
2
Function constructor and default policy
#458
lukewarlow
closed
6 months ago
4
Rewrite metadata functions
#457
lukewarlow
closed
3 months ago
5
`getPropertyType()` needs a rewrite?
#456
lukewarlow
closed
3 months ago
0
Ensure spec PR's diffs are generated correctly
#455
mbrodesser-Igalia
opened
7 months ago
5
https://w3c.github.io/trusted-types/dist/spec/#webidl-validate-the-string-in-context should link to the HTML standard's definition of how the validation is performed
#454
mbrodesser-Igalia
closed
6 months ago
4
Add example for CSP header with `'none'`
#453
mbrodesser-Igalia
closed
7 months ago
0
Consider deleting the master branch as it's superseded by the main branch
#452
mbrodesser-Igalia
closed
7 months ago
1
Is there a convenient way to see the rendered diff a spec PR?
#451
mbrodesser-Igalia
closed
7 months ago
0
Extract `Does sink type require trusted types?` to its own algorithm
#450
lukewarlow
closed
7 months ago
7
Previous
Next