Add missing IDL changes to Parent and Child Node mixins from dom spec by lukewarlow · Pull Request #440 · w3c/trusted-types

lukewarlow · 2024-02-20T13:24:05Z

Address #438

I haven't done the DOM parts change but have made a follow up issue for tracking that so it doesn't get lost

cc @mbrodesser-Igalia

ghost · 2024-02-22T14:13:33Z

@lukewarlow could you please re-create this PR or refresh it (don't know if that's possible) so that diff and preview are generated (see #451 (comment), verified in #453)?

- Add missing IDL changes to Parent and Child Node mixins from dom spec - Update `converting nodes into a node` algorithm to enforce trusted types

lukewarlow · 2024-02-22T14:17:23Z

Nice! that's working. Just had to rebase with main.

ghost · 2024-02-22T14:35:05Z

Nice! that's working. Just had to rebase with main.

@lukewarlow could you please rebase the node-idl-updates branch too? Currently the generated Diff contains also changes for "execCommand" and perhaps more.

ghost · 2024-02-22T14:37:36Z

Nice! that's working. Just had to rebase with main.

@lukewarlow could you please rebase the node-idl-updates branch too? Currently the generated Diff contains also changes for "execCommand" and perhaps more.

Or presumably your fork's main branch has to be rebased too.

lukewarlow · 2024-02-22T14:37:49Z

That seems to be a bug with the differ as this is fully rebased.

ghost · 2024-02-22T14:45:53Z

That seems to be a bug with the differ as this is fully rebased.

To further simplify reviewing: couldn't this be a PR for the DOM spec? The diff would be simpler to consume. It has to move there eventually.

ghost · 2024-02-22T15:09:30Z

That seems to be a bug with the differ as this is fully rebased.

To further simplify reviewing: couldn't this be a PR for the DOM spec? The diff would be simpler to consume. It has to move there eventually.

@lukewarlow WDYT about creating a draft PR for the DOM spec and link to that PR from a "Integration with the DOM" section in the TT spec?

lukewarlow · 2024-02-22T15:13:30Z

Issue with that is it relies on trusted types algorithms so I think should be moved when we eventually move everything else?

ghost · 2024-02-22T15:26:54Z

Issue with that is it relies on trusted types algorithms so I think should be moved when we eventually move everything else?

Another draft relies on trusted types algos, too: https://github.com/whatwg/dom/pull/1247/files. As long as it's a draft PR, it's harmless anyway. There seems to be no advantage of keeping it in the TT spec.

ghost · 2024-02-22T15:59:19Z

+
+<pre class="idl exclude">
+partial interface mixin ParentNode {
+  [CEReactions, Unscopable] undefined prepend((Node or DOMString or TrustedScript)... nodes);


Confused: when to use [StringContext=TrustedScript] DOMString and when to use DOMString or TrustedScript?

The former is specified in https://w3c.github.io/trusted-types/dist/spec/#StringContext.

TrustedScript is the object itself, where as [StringContext=TrustedScript] DOMString (or its alias ScriptString) pass the string itself through.

These methods need the raw object because the processing happens at the algorithm level (as it needs to process TextNode content AND strings through a policy)

TrustedScript is the object itself, where as [StringContext=TrustedScript] DOMString (or its alias ScriptString) pass the string itself through.

These methods need the raw object because the processing happens at the algorithm level (as it needs to process TextNode content AND strings through a policy)

Doesn't it imply someParentNode.prepend(someString) may be called, even if trusted types are enforced?

The linked DOM spec PR updates the relevant algorithms so that the string gets put through the trusted types algos.

lukewarlow · 2024-02-22T16:04:36Z

Another draft relies on trusted types algos, too: https://github.com/whatwg/dom/pull/1247/files. As long as it's a draft PR, it's harmless anyway. There seems to be no advantage of keeping it in the TT spec.

Okay yeah fair I forgot about that one. I'll move this across to a draft PR there

lukewarlow · 2024-02-22T17:45:48Z

I've opened whatwg/dom#1258

- Add missing IDL changes to Parent and Child Node mixins from dom spec - Link to DOM spec PR with IDL and algorithm changes

lukewarlow · 2024-02-22T18:09:37Z

@koto I see you've updated IDL in your DOM spec PR should the IDL changes specifically be included in the trusted types spec too? Or should we just link out to the relevant place in the DOM spec (once merged)?

I want to ensure we have some unified place to come to for all trusted types changes but also understand we don't want to monkeypatch and duplicate effort.

I've updated this PR to the IDL change and a link to my PR only. But it'd be good to understand what we want the end goal to be. It'd be especially interesting to know what people think the plan should be for ongoing maintenence. Should we make a PR to HTML for example updating the relevant IDL with the new types?

koto · 2024-02-26T17:46:05Z

I think we should prioritize upstreaming all the integrations, as monkeypatching just isn't easy to work with. That includes DOM, DOM Parsing, HTML and WebIDL at the least.

lukewarlow · 2024-03-13T14:35:14Z

Closing this as these integrations will all be upstreamed.

lukewarlow force-pushed the node-idl-updates branch 2 times, most recently from 7af8cd1 to 49f3af5 Compare February 20, 2024 16:34

lukewarlow marked this pull request as ready for review February 20, 2024 16:34

lukewarlow requested a review from koto February 20, 2024 16:34

lukewarlow force-pushed the node-idl-updates branch from 49f3af5 to ed02b5b Compare February 20, 2024 16:38

lukewarlow mentioned this pull request Feb 20, 2024

Issue with script enforcement #437

Closed

Add missing integration with DOM

1c60cd8

- Add missing IDL changes to Parent and Child Node mixins from dom spec - Update `converting nodes into a node` algorithm to enforce trusted types

lukewarlow force-pushed the node-idl-updates branch from ed02b5b to 1c60cd8 Compare February 22, 2024 14:15

ghost reviewed Feb 22, 2024

View reviewed changes

Add missing integration with DOM

edde5f7

- Add missing IDL changes to Parent and Child Node mixins from dom spec - Link to DOM spec PR with IDL and algorithm changes

lukewarlow closed this Mar 13, 2024

lukewarlow deleted the node-idl-updates branch March 27, 2024 18:17

Conversation

lukewarlow commented Feb 20, 2024 • edited by pr-preview Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ghost commented Feb 22, 2024

Uh oh!

lukewarlow commented Feb 22, 2024

Uh oh!

ghost commented Feb 22, 2024 • edited by ghost Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ghost commented Feb 22, 2024

Uh oh!

lukewarlow commented Feb 22, 2024

Uh oh!

ghost commented Feb 22, 2024

Uh oh!

ghost commented Feb 22, 2024

Uh oh!

lukewarlow commented Feb 22, 2024

Uh oh!

ghost commented Feb 22, 2024 • edited by ghost Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ghost Feb 22, 2024

Choose a reason for hiding this comment

Uh oh!

lukewarlow Feb 22, 2024

Choose a reason for hiding this comment

Uh oh!

ghost Feb 26, 2024

Choose a reason for hiding this comment

Uh oh!

lukewarlow Mar 13, 2024

Choose a reason for hiding this comment

Uh oh!

lukewarlow commented Feb 22, 2024

Uh oh!

lukewarlow commented Feb 22, 2024

Uh oh!

lukewarlow commented Feb 22, 2024

Uh oh!

koto commented Feb 26, 2024

Uh oh!

lukewarlow commented Mar 13, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

lukewarlow commented Feb 20, 2024 •

edited by pr-preview Bot

Loading

ghost commented Feb 22, 2024 •

edited by ghost

Loading

ghost commented Feb 22, 2024 •

edited by ghost

Loading