Update IDL for script enforcement

- Node/textContent, and Element/innerText are both now shadowed on HTMLScriptElement. HTMLScriptElement/textContent uses a union type rather than [StringContext] because it uses a nullable type.
w3c · Apr 2, 2024 · 5e266cf · 5e266cf
1 parent fc82918
commit 5e266cf
Showing 1 changed file with 42 additions and 16 deletions.
diff --git a/spec/index.bs b/spec/index.bs
@@ -1186,36 +1186,62 @@ partial interface ShadowRoot {
 
 ### Enforcement for scripts ### {#enforcement-in-scripts}
 
-#### Slots with trusted values #### {#slots-with-trusted-values}
-
-This document modifies {{HTMLScriptElement}}s. Each script has:
-
-: <dfn for="HTMLScriptElement" lt="[[ScriptText]]" attribute>`[[ScriptText]]`</dfn> internal slot.
-::  A string, containing the body of the script to execute that was set
-    through a {{StringContext}} compliant sink. Equivalent to script's
-    [=child text content=]. Initially null.
-
-#### Setting slot values #### {#setting-slot-values}
-
 This document modifies how {{HTMLScriptElement}} [=child text content=] can be set to allow applications to control dynamically created scripts. It does so by
 adding the {{HTMLElement/innerText}} and {{Node/textContent}} attributes directly on {{HTMLScriptElement}}. The behavior of the attributes remains the same
 as in their original counterparts, apart from additional behavior triggered by the {{StringContext}} extended attribute presence.
 
-Note: Using these IDL attributes is the recommended way of dynamically setting URL or a text of a script. Manipulating attribute nodes or text nodes directly will call a default policy on the final value when the script is prepared.
+Note: Using these IDL attributes is the recommended way of dynamically setting the URL or a text of a script. Manipulating attribute nodes or text nodes directly will call a default policy on the final value when the script is prepared.
 
 <pre class="idl exclude">
 partial interface HTMLScriptElement {
  [CEReactions] attribute [LegacyNullToEmptyString] ScriptString innerText;
- [CEReactions] attribute ScriptString? textContent;
+ [CEReactions] attribute (DOMString or TrustedScript)? textContent;
  [CEReactions] attribute ScriptURLString src;
  [CEReactions] attribute ScriptString text;
 };
 </pre>
 
-On setting the {{HTMLElement/innerText}}, {{Node/textContent}} and {{HTMLScriptElement/text}} IDL attributes execute the following algorithm:
+#### Slots with trusted values #### {#slots-with-trusted-values}
+
+This document modifies {{HTMLScriptElement}}s. Each script has:
+
+: <dfn for="HTMLScriptElement" lt="[[ScriptText]]" attribute>`[[ScriptText]]`</dfn> internal slot.
+::  A string, containing the body of the script to execute that was set
+    through a {{StringContext}} compliant sink. Equivalent to script's
+    [=child text content=]. Initially null.
+
+#### The {{HTMLScriptElement/innerText}} IDL attribute #### {#the-innerText-idl-attribute}
+
+The {{HTMLScriptElement/innerText}} setter steps are:
+
+1.  Set {{HTMLScriptElement/[[ScriptText]]}} internal slot value to |value|.
+1.  Run the {{HTMLElement/innerText}} setter steps with the given value |value|.
+
+The {{HTMLScriptElement/innerText}} getter steps are:
+
+1.  Run the {{HTMLElement/innerText}} getter steps.
+
+#### The {{HTMLScriptElement/textContent}} IDL attribute #### {#the-textContent-idl-attribute}
+
+The {{HTMLScriptElement/textContent}} setter steps are to, if the given value is null, act as if it was the
+empty string instead, and then do as described below:
+
+1.  Let |value| be the result of calling [$Get Trusted Type compliant string$] with
+    {{TrustedScript}}, [=this=]'s [=relevant global object=], the given value, `HTMLScriptElement textContent`,
+    `script`.
+1.  Set {{HTMLScriptElement/[[ScriptText]]}} internal slot value to |value|.
+1.  Run the {{Node/textContent}} setter steps with the given value |value|.
+
+The {{HTMLScriptElement/textContent}} getter steps are:
+
+1.  Run the {{Node/textContent}} getter steps.
+
+#### The {{HTMLScriptElement/text}} IDL attribute #### {#the-text-idl-attribute}
+
+Update the {{HTMLScriptElement/text}} setter steps algorithm as follows.
 
-1. Set {{HTMLScriptElement/[[ScriptText]]}} internal slot value to the stringified attribute value.
-1. Perform the usual attribute setter steps.
+1.  <ins>Set {{HTMLScriptElement/[[ScriptText]]}} internal slot value to the given value.</ins>
+1.  [=String replace all=] with the given value within this <code>script</code> element.
 
 #### Slot value verification #### {#slot-value-verification}