Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove StringContext attribute #498

Merged
merged 1 commit into from
Jun 12, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 0 additions & 44 deletions spec/index.bs
Original file line number Diff line number Diff line change
Expand Up @@ -1128,18 +1128,9 @@ Issue: The [=event handler content attribute=] concept used below is ambiguous.
# Integrations # {#integrations}

<pre class="idl">
typedef [StringContext=TrustedHTML] DOMString HTMLString;
lukewarlow marked this conversation as resolved.
Show resolved Hide resolved
typedef [StringContext=TrustedScript] DOMString ScriptString;
typedef [StringContext=TrustedScriptURL] USVString ScriptURLString;
typedef (TrustedHTML or TrustedScript or TrustedScriptURL) TrustedType;
</pre>

## Integration with WebIDL ## {#webidl-integration}

<h3 id="StringContext" extended-attribute lt="StringContext">[StringContext]</h3>

Issue: See [https://github.com/whatwg/webidl/pull/1392](https://github.com/whatwg/webidl/pull/1392).

## Integration with HTML ## {#integration-with-html}

{{Window}} and {{Worker}} objects have a <dfn for="Window">trusted type policy factory</dfn>,
Expand Down Expand Up @@ -1278,41 +1269,6 @@ abstract operation. User agents must use the following implementation:
1. If |argument| is a {{TrustedScript}} object, return the value of its associated [=TrustedScript/data=].
1. Return ~unknown~.

### Validate the string in context ### {#html-validate-the-string-in-context}

This specification defines the validate the string in context algorithm in [[html#integration-with-idl]].

When validate the string in context is invoked, with |platformObject|, |value|, |stringContext|, and |identifier| run these steps:

1. If |platformObject|'s [=relevant global object=] has a [=Window/trusted type policy factory=]:

1. Set |sink| to the result of [=concatenating=] the list &laquo; |platformObject|'s <a spec=webidl>identifier</a>, |identifier| &raquo; with `" "` as |separator|.
<div class="example" id="validate-string-example">
For example, the following annotation and JavaScript code:
<pre highlight=idl>
typedef [StringContext=TrustedHTML] DOMString HTMLString;
[ Exposed=Window, HTMLConstructor] interface HTMLIFrameElement : HTMLElement {
attribute HTMLString srcdoc;
};
</pre>
<pre highlight=js>
document.createElement('iframe').srcdoc = foo;
document.createElement('iframe').setAttribute('SRCdoc', foo);
</pre>
causes the |sink| value to be `"HTMLIFrameElement srcdoc"`.
</div>
1. Set |value| to the result of running the [$Get Trusted Type compliant string$] algorithm, passing the following arguments:
* |value| as |input|,
* |stringContext| as |expectedType|,
* |sink| as |sink|,
* `'script'` as |sinkGroup|,
* |platformObject|'s [=relevant global object=] as |global|.

Issue: Remove hardcoding 'script' when new sink groups are specified.

1. If an exception was thrown, rethrow exception and abort further steps.
1. Return |value|.

## Integration with DOM ## {#integration-with-dom}

Note: See [https://github.com/whatwg/dom/pull/1258](https://github.com/whatwg/dom/pull/1258) and [https://github.com/whatwg/dom/pull/1268](https://github.com/whatwg/dom/pull/1268) which upstream this integration.
Expand Down
Loading