"8.1.3.13 HostEnsureCanCompileStrings" affected by tc39/ecma262 PR #1498 #4501

Closed
mikesamuel opened this issue Apr 3, 2019 · 3 comments
Labels
addition/proposal New features or enhancements integration Better coordination across standards needed security/privacy There are security or privacy implications

Comments

@mikesamuel

https://html.spec.whatwg.org/#hostensurecancompilestrings(callerrealm,-calleerealm)

8.1.3.13 HostEnsureCanCompileStrings(callerRealm, calleeRealm)
JavaScript contains an implementation-defined HostEnsureCanCompileStrings(callerRealm, calleeRealm) abstract operation. User agents must use the following implementation: [JAVASCRIPT]

Perform ? EnsureCSPDoesNotBlockStringCompilation(callerRealm, calleeRealm). [CSP]

affected by tc39/ecma262#1498 which adds parameters to HostEnsureCanCompileStrings to allow https://wicg.github.io/trusted-types/dist/spec/ to guard JavaScript source sinks.

@mikesamuel mikesamuel changed the title "8.1.3.13 HostEnsureCanCompileStrings(callerReal..." "8.1.3.13 HostEnsureCanCompileStrings" affected by tc39/ecma262 PR #1498 Apr 3, 2019
@annevk
Member

annevk commented Apr 4, 2019

What's the proposed setup here? Will CSP call into Trusted Types or some such?

@mikesamuel
Author

Yeah. The proposal will include a call to Trusted Type's Get Trusted Type compliant string.

The plan was initially for Trusted Types to modify html5/hostensurecancompilestrings but may involve modifying CSP/EnsureCSPDoesNotBlockStringCompilation.

I'm rewriting the [relevant part of TT](https://wicg.github.io/trusted-types/dist/spec/#string-compilation) based on wicg/trusted-types#144.

@annevk annevk added addition/proposal New features or enhancements integration Better coordination across standards needed security/privacy There are security or privacy implications labels Apr 4, 2019
@annevk
Member

annevk commented Mar 14, 2024

Let's track this in #10202 from now on per recommendation from Luke.

@annevk annevk closed this as not planned Mar 14, 2024