Change Script Enforcement Mechanism to use flags #579
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This still requires changes to deal with the issues related to children changed steps being fired by parser. |
Also add SVGScriptElement to spec
05fda45 to
11456d2
Compare
lukewarlow
commented
Feb 3, 2025
|
|
||
| 1. Set [=this=]'s [=SVGScriptElement/is trusted=] to false. | ||
|
|
||
| 1. Run the {{SVGScriptElement|script}} [=post-connection steps=], given [=this=]. |
There was a problem hiding this comment.
Does SVG even have this?
There was a problem hiding this comment.
SVG has very little but we can add a note that we assume it has the same as HTML script has.
|
Opened #581 to at least add SVG to the existing spec while this bit is still to be worked out. |
fred-wang
reviewed
May 16, 2025
| <li>... | ||
| </ol> | ||
|
|
||
| Issue: There's no proper definition for the processing of SVG script elements. However, you should apply a similar change to the processing of {{SVGScriptElement}}s. |
There was a problem hiding this comment.
Can we mention the sink name explicitly? WebKit uses "SVGScriptElement text": https://searchfox.org/wubkat/rev/d1661224f525bf15e34fde4eafe9de09b92c864b/Source/WebCore/dom/ScriptElement.cpp#192
lando-prod-mozilla bot
pushed a commit
to mozilla-firefox/firefox
that referenced
this pull request
May 31, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456
moz-wptsync-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
May 31, 2025
…ormed by the default policy. This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1968383 gecko-commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4 gecko-reviewers: smaug
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
May 31, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Jun 1, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 UltraBlame original commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Jun 1, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 UltraBlame original commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Jun 1, 2025
… text transformed by the default policy. r=smaug This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 UltraBlame original commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4
moz-wptsync-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Jun 2, 2025
…ormed by the default policy. This verifies that the source text transformed by the default policy is used for various steps of "prepare the script element": https://html.spec.whatwg.org/#prepare-the-script-element PR w3c/trusted-types#579 Differential Revision: https://phabricator.services.mozilla.com/D251456 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1968383 gecko-commit: b40ba3e6cd668c9890ed7e4c6bdfdf2ee60cbcc4 gecko-reviewers: smaug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Also add SVGScriptElement to spec
Preview | Diff