w3c / webappsec-csp

WebAppSec Content Security Policy

Upstream trusted type changes #651

Open lukewarlow opened 4 months ago

lukewarlow commented 4 months ago

I'm opening this issue to discuss whether and what parts of the trusted types spec should be upstreamed to the CSP spec.

We currently define extensions to the CSP spec in https://w3c.github.io/trusted-types/dist/spec/#integration-with-content-security-policy

While some of this would probably be fine to stay in trusted types, there is a section that monkey patches EnsureCSPDoesNotBlockStringCompilation https://w3c.github.io/trusted-types/dist/spec/#csp-eval

cc @bkardell

mbrodesser-Igalia commented 2 months ago

Minutes of the discussion: https://github.com/w3c/webappsec/blob/main/meetings/2024/2024-03-20-minutes.md#trusted-types