Upstream Trusted Types enforcement in EnsureCSPDoesNotBlockStringCompilation #659
lukewarlow merged 4 commits into w3c:main from
…ilation - Also update the violation object resource definition.
@annevk just so I'm not putting all this spec stuff on your plate, do you know who else might be able to review this?
I'll take a look tomorrow. 👍
mikewest left a comment
The algorithm LGTM. I left a few nits that seem relevant to me, but nothing substantive.
| 1. For each |arg| in |parameterArgs|: | ||
| 1. Let |index| be the index of |arg| in |parameterArgs|. |
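Review bot: "the index of |arg| in |parameterArgs|" in the second step is not well defined when |parameterArgs| holds the same value more than once, since two equal items have no distinguishable position. Suggest iterating over the indices of |parameterArgs| and reading the item at each index, so the position is known by construction.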
I'd suggest writing this loop differently, as I don't think Infra provides a way to get the index of a given element in a list. Something like the following:
1. Assert: |parameterArgs|' [=list/length=] is equal to |parameterStrings|' [=list/length=].
1. [=list/iterate|For each=] |index| of [=the range=] 0 to |parameterArgs|' [=list/length=]:
    1. Let |arg| be |parameterArgs|[|index|].
Alternatively, we could add something to Infra to either create a For each variant that provides both an item and its index, or some mechanism to get the index of a given item? @annevk might have thoughts about which path might be preferable.
I've gone with what you suggested for now.
This should be ready to merge @mikewest (I have permissions but don't know if there's any specific commit message changes you'd like to make)
Nope. In that case, still LGTM. Feel free to merge it. :)
Updates EnsureCSPDoesNotBlockStringCompilation to upstream changes from the Trusted Types spec. For non-timers this now goes through the motions of checking CSP for trusted types and doing necessary enforcement.
unsafe-eval is left as is.