-
Notifications
You must be signed in to change notification settings - Fork 294
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Draft integration with Trusted Types, take 2. #1247
Changes from all commits
5bcc0af
dba4438
417460c
acb802a
2495cb4
10ce041
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -52,9 +52,11 @@ spec:html; type:element | |
<p>This specification depends on the Infra Standard. [[!INFRA]] | ||
|
||
<p>Some of the terms used in this specification are defined in <cite>Encoding</cite>, | ||
<cite>Selectors</cite>, <cite>Web IDL</cite>, <cite>XML</cite>, and <cite>Namespaces in XML</cite>. | ||
<cite>Selectors</cite>, <cite>Trusted Types</cite>, <cite>Web IDL</cite>, <cite>XML</cite>, and | ||
<cite>Namespaces in XML</cite>. | ||
[[!ENCODING]] | ||
[[!SELECTORS4]] | ||
[[!TRUSTED-TYPES]] | ||
[[!WEBIDL]] | ||
[[!XML]] | ||
[[!XML-NAMES]] | ||
|
@@ -6033,8 +6035,8 @@ interface Element : Node { | |
sequence<DOMString> getAttributeNames(); | ||
DOMString? getAttribute(DOMString qualifiedName); | ||
DOMString? getAttributeNS(DOMString? namespace, DOMString localName); | ||
[CEReactions] undefined setAttribute(DOMString qualifiedName, DOMString value); | ||
[CEReactions] undefined setAttributeNS(DOMString? namespace, DOMString qualifiedName, DOMString value); | ||
[CEReactions] undefined setAttribute(DOMString qualifiedName, (TrustedType or DOMString) value); | ||
[CEReactions] undefined setAttributeNS(DOMString? namespace, DOMString qualifiedName, (TrustedType or DOMString) value); | ||
[CEReactions] undefined removeAttribute(DOMString qualifiedName); | ||
[CEReactions] undefined removeAttributeNS(DOMString? namespace, DOMString localName); | ||
[CEReactions] boolean toggleAttribute(DOMString qualifiedName, optional boolean force); | ||
|
@@ -6357,7 +6359,8 @@ given a <var>document</var>, <var>localName</var>, <var>namespace</var>, and opt | |
<ol> | ||
<li><p>Let <var>oldValue</var> be <var>attribute</var>'s <a for=Attr>value</a>.</p></li> | ||
|
||
<li><p>Set <var>attribute</var>'s <a for=Attr>value</a> to <var>value</var>. | ||
<li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var>, with | ||
<var>attribute</var>'s <a for=Attr>element</a>. | ||
|
||
<li><p><a>Handle attribute changes</a> for <var>attribute</var> with <var>attribute</var>'s | ||
<a for=Attr>element</a>, <var>oldValue</var>, and <var>value</var>. | ||
|
@@ -6409,6 +6412,18 @@ steps: | |
<a for=Attr>value</a>. | ||
</ol> | ||
|
||
<p>To <dfn id=concept-element-attributes-validate-and-set-value>validate and set attribute value</dfn> | ||
{{TrustedType}} or a string <var>value</var> for an <a>attribute</a> <var>attribute</var>, with | ||
<a for=/>element</a> <var>element</var>: | ||
|
||
<ol> | ||
<li><p>Let <var>validValue</var> be the result of calling | ||
<a abstract-op>get Trusted Types-compliant attribute value</a> for <var>attribute</var>, with | ||
<var>element</var> and <var>value</var>. [[!TRUSTED-TYPES]] | ||
|
||
<li><p>Set <var>attribute</var>'s <a for=Attr>value</a> to <var>validValue</var>. | ||
</ol> | ||
|
||
<hr> | ||
|
||
<div algorithm> | ||
|
@@ -6471,6 +6486,9 @@ string <var>namespace</var> (default null):</p> | |
|
||
<li><p>If <var>oldAttr</var> is <var>attr</var>, return <var>attr</var>. | ||
|
||
<li><p><a>Validate and set attribute value</a> <var>newAttr</var>'s <a for="Attr">value</a> for | ||
<var>newAttr</var> with <var>element</var>. | ||
|
||
<li><p>If <var>oldAttr</var> is non-null, then <a lt="replace an attribute">replace</a> | ||
<var>oldAttr</var> with <var>attr</var>. | ||
|
||
|
@@ -6482,21 +6500,30 @@ string <var>namespace</var> (default null):</p> | |
|
||
<div algorithm> | ||
<p>To <dfn export id=concept-element-attributes-set-value>set an attribute value</dfn> given an | ||
<a for=/>element</a> <var>element</var>, a string <var>localName</var>, a string <var>value</var>, | ||
an optional null or string <var>prefix</var> (default null), and an optional null or string | ||
<var>namespace</var> (default null): | ||
<a for=/>element</a> <var>element</var>, a string <var>localName</var>, a string or {{TrustedType}} | ||
<var>value</var>, an optional null or string <var>prefix</var> (default null), and an optional null | ||
or string <var>namespace</var> (default null): | ||
|
||
<ol> | ||
<li>Let <var>attribute</var> be the result of | ||
<a lt="get an attribute by namespace and local name">getting an attribute</a> given | ||
<var>namespace</var>, <var>localName</var>, and <var>element</var>. | ||
|
||
<li>If <var>attribute</var> is null, create an <a>attribute</a> whose <a for=Attr>namespace</a> is | ||
<var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>, | ||
<a for=Attr>local name</a> is <var>localName</var>, <a for=Attr>value</a> is <var>value</var>, and | ||
<a for=Node>node document</a> is <var>element</var>'s <a for=Node>node document</a>, then | ||
<a lt="append an attribute">append</a> this <a>attribute</a> to <var>element</var>, and then | ||
return. | ||
<li> | ||
<p>If <var>attribute</var> is null, then: | ||
<ol> | ||
<li><p>Set <var>attribute</var> to a new <a>attribute</a> whose <a for=Attr>namespace</a> is | ||
<var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>, | ||
<a for=Attr>local name</a> is <var>localName</var> and <a for=Node>node document</a> is | ||
<var>element</var>'s <a for=Node>node document</a>. | ||
|
||
<li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var> with | ||
<var>element</var>. | ||
|
||
<li><p><a lt="append an attribute">Append</a> <var>attribute</var> to <var>element</var>. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is problematic. Validation may have run scripts, and scripts may have already added another attribute with same name. That can't be allowed. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Addressed in #1268 by rechecking the attribute state and throwing an exception if the default policy has done something funky. |
||
|
||
<li><p>Return. | ||
</ol> | ||
|
||
<li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>. | ||
</ol> | ||
|
@@ -6759,10 +6786,21 @@ method steps are: | |
and null otherwise. | ||
<!-- This is step 2 of "get an attribute by name", modified as appropriate --> | ||
|
||
<li><p>If <var>attribute</var> is null, create an <a>attribute</a> whose | ||
<a for=Attr>local name</a> is <var>qualifiedName</var>, <a for=Attr>value</a> is | ||
<var>value</var>, and <a for=Node>node document</a> is <a>this</a>'s <a for=Node>node document</a>, | ||
then <a lt="append an attribute">append</a> this <a>attribute</a> to <a>this</a>, and then return. | ||
<li> | ||
<p>If <var>attribute</var> is null, then: | ||
|
||
<ol> | ||
<li><p>Set <var>attribute</var> to a new <a>attribute</a> whose <a for=Attr>local name</a> is | ||
<var>qualifiedName</var> and <a for=Node>node document</a> is <a>this</a>'s | ||
<a for=Node>node document</a>. | ||
|
||
<li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var>, | ||
with <a>this</a>. | ||
|
||
<li><p><a lt="append an attribute">Append</a> <var>attribute</var> to <a>this</a>. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This has also the problem that since validation may run scripts, the attribute list may now already have attribute with the same name. And validation may throw an exception. (but yeah, in general these checks do need to happen very early when we're about to set an attribute) |
||
|
||
<li><p>Return. | ||
</ol> | ||
|
||
<li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>. | ||
</ol> | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably clarify that validation may throw an exception. What should happen in that case?