diff --git a/spec/index.bs b/spec/index.bs index ddd5c23..737c80c 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -671,15 +671,31 @@ initially empty. 1. Set |localName| to |tagName| in [=ASCII lowercase=]. 1. If |elementNs| is an empty string, set |elementNs| to [=HTML namespace=]. + 1. If |property| starts with "on", then return {{TrustedScript}}. 1. Let |interface| be the [=element interface=] for |localName| and |elementNs|. - 1. If |interface| has an IDL attribute member which identifier is |attribute|, and - {{StringContext}} IDL extended attribute appears on that attribute, return - stringified {{StringContext}}'s identifier and abort further steps. - - Note: This also takes into account all members of [=interface mixins=] that - |interface| [=includes=]. - - 1. Return null. + 1. Let |expectedType| be null. + 1. Find the row in the following table, where the first column is "*" or |interface|'s name, and |property| is in the second column. + If a matching row is found, set |expectedType| to the value of the third column. + + + + + +
ElementProperty nameTrustedType +
{{HTMLEmbedElement}}"src"{{TrustedScriptURL}} +
{{HTMLIFrameElement}}"srcdoc"{{TrustedHTML}} +
{{HTMLObjectElement}}"codebase"{{TrustedScriptURL}} +
{{HTMLObjectElement}}"data"{{TrustedScriptURL}} +
{{HTMLScriptElement}}"innerText"{{TrustedScript}} +
{{HTMLScriptElement}}"src"{{TrustedScriptURL}} +
{{HTMLScriptElement}}"text"{{TrustedScript}} +
{{HTMLScriptElement}}"textContent"{{TrustedScript}} +
"*""innerHTML"{{TrustedHTML}} +
"*""outerHTML"{{TrustedHTML}} +
+ 1. Return |expectedType|. + + Note: Step 3 is a special case for event handler names, as they always start with "on".
@@ -698,15 +714,19 @@ initially empty. 1. Set |localName| to |tagName| in [=ASCII lowercase=]. 1. Set |attribute| to |attribute| in [=ASCII lowercase=]. + 1. If |attribute| starts with "on", then return {{TrustedScript}}. 1. If |elementNs| is an empty string, set |elementNs| to [=HTML namespace=]. 1. If |attrNs| is an empty string, set |attrNs| to null. 1. Let |interface| be the [=element interface=] for |localName| and |elementNs|. - 1. If |interface| does not have an IDL <a spec="webidl">attribute</a> that [=reflects=] a content attribute with - |localName| local name and |attrNs| namespace, - return undefined and abort further steps. Otherwise, let |idlAttribute| be that IDL <a spec="webidl">attribute</a>. - 1. If {{StringContext}} IDL extended attribute appears on |idlAttribute|, return - stringified {{StringContext}}'s identifier and abort further steps. - 1. Return null. + 1. Let |expectedType| be null. + 1. Set |attributeData| to the result of [$Get Trusted Type data for attribute$] algorithm, with the following arguments: + * |interface| as |element| + * |attribute| + * |attrNs| + 1. If |attributeData| is not null, then set |expectedType| to the value of the third member of |attributeData|. + 1. Return |expectedType|. + + Note: Step 3 is a special case for <a href=https://html.spec.whatwg.org/#event-handler-name>event handler names</a>, as they always start with "on". <div class="example" id="get-attribute-type-example"> <xmp highlight="js"> @@ -1083,10 +1103,32 @@ Given an {{HTMLScriptElement}} (|script|), this algorithm performs the following ## Get Trusted Types-compliant attribute value ## {#validate-attribute-mutation} To <dfn abstract-op export>get Trusted Types-compliant attribute value</dfn> on {{Attr}} |attribute| with {{Element}} |element| and {{TrustedType}} or a string |newValue|, perform the following steps: -1. Let |expectedType| be null. -1. Let |sink| be null. -1. Find the row in the following table, where |element| is in the first column, and |attribute|'s <a for="Attr">namespace</a> and <a for="Attr">local name</a> match the values in the second and third column, respectively. - If a matching row is found, set |expectedType| and |sink| to the value of the fourth, and fifth column in that row, respectively. +1. Set |attributeData| to the result of [$Get Trusted Type data for attribute$] algorithm, with the following arguments: + * |element| + * |attribute|'s <a for="Attr">local name</a> as |attribute| + * |attribute|'s <a for="Attr">namespace</a> as |attributeNs| +1. If |attributeData| is null, then: + 1. If |newValue| is a string, return |newValue|. + 1. <a>Assert</a>: |newValue| is {{TrustedHTML}} or {{TrustedScript}} or {{TrustedScriptURL}}. + 1. Return |value|'s `[[Data]]` internal slot value. +1. Let |expectedType| be the value of the third member of |attributeData|. +1. Let |sink| be the value of the fourth member of |attributeData|. +1. Return the result of executing [$Get Trusted Type compliant string$] with the following arguments: + * |expectedType| + * |newValue| as |input| + * |element|'s <a>node document</a>'s <a>relevant global object</a> as |global| + * |sink| + * 'script' as |sinkGroup| + + If the algorithm threw an error, rethrow the error. + +## Get Trusted Type data for attribute ## {#get-trusted-type-data-for-attribute} +To <dfn abstract-op>Get Trusted Type data for attribute</dfn> given |element|, |attribute|, |attributeNs|, perform the following steps: + +1. Let |data| be null. +1. Find the row in the following table, where |element| is in the first column, |attributeNs| is in the second column, + and |attribute| is in the third column. + If a matching row is found, set |data| to that row. <table> <thead> @@ -1102,18 +1144,7 @@ To <dfn abstract-op export>get Trusted Types-compliant attribute value</dfn> on </tbody> </table> -1. If |expectedType| is null, then: - 1. If |newValue| is a string, return |newValue|. - 1. <a>Assert</a>: |newValue| is {{TrustedHTML}} or {{TrustedScript}} or {{TrustedScriptURL}}. - 1. Return |value|'s `[[Data]]` internal slot value. -1. Return the result of executing [$Get Trusted Type compliant string$] with the following arguments: - * |expectedType| - * |newValue| as |input| - * |element|'s <a>node document</a>'s <a>relevant global object</a> as |global| - * |sink| - * 'script' as |sinkGroup| - - If the algorithm threw an error, rethrow the error. +1. Return |data|. # Integrations # {#integrations}