Throw instead of rendering error on security issue

[rictic]

This is easier for users to understand what's going on and where the problem is. Upstreaming cl/369366746

[changeset-bot]

🦋 Changeset detected

Latest commit: 5728589

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

📊 Tachometer Benchmark Results

Summary

nop-update

• lit-html-kitchen-sink: unsure 🔍 -11% - +7% (-4.19ms - +2.90ms)
  ^{this-change vs tip-of-tree}

render

• lit-element-list: unsure 🔍 -2% - +2% (-2.06ms - +1.67ms)
  ^{this-change vs tip-of-tree}
• lit-html-kitchen-sink: unsure 🔍 -2% - +9% (-0.67ms - +3.38ms)
  ^{this-change vs tip-of-tree}
• lit-html-repeat: unsure 🔍 -5% - +2% (-0.68ms - +0.29ms)
  ^{this-change vs tip-of-tree}
• lit-html-template-heavy: unsure 🔍 -2% - +4% (-0.94ms - +2.50ms)
  ^{this-change vs tip-of-tree}
• reactive-element-list: unsure 🔍 -3% - +1% (-1.78ms - +0.95ms)
  ^{this-change vs tip-of-tree}

update

• lit-element-list: unsure 🔍 -3% - +1% (-18.54ms - +9.30ms)
  ^{this-change vs tip-of-tree}
• lit-html-kitchen-sink: unsure 🔍 -5% - +9% (-5.79ms - +9.71ms)
  ^{this-change vs tip-of-tree}
• lit-html-repeat: unsure 🔍 -6% - +0% (-22.89ms - +0.72ms)
  ^{this-change vs tip-of-tree}
• lit-html-template-heavy: unsure 🔍 -4% - +2% (-5.01ms - +2.53ms)
  ^{this-change vs tip-of-tree}
• reactive-element-list: unsure 🔍 -2% - +2% (-17.39ms - +13.53ms)
  ^{this-change vs tip-of-tree}

update-reflect

• lit-element-list: unsure 🔍 -3% - +1% (-22.68ms - +7.62ms)
  ^{this-change vs tip-of-tree}
• reactive-element-list: unsure 🔍 -2% - +2% (-18.46ms - +13.76ms)
  ^{this-change vs tip-of-tree}

Results

lit-element-list

• Browser: chrome-headless 92.0.4515.131
• Sample size: 50
• Built by: Benchmarks #1803

• Commit: 5da07b1

render

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	89.47ms - 92.13ms	-	unsure 🔍 -2% - +2% -2.06ms - +1.67ms	faster ✔ 18% - 21% 19.69ms - 23.94ms
tip-of-tree tip-of-tree	89.69ms - 92.30ms	unsure 🔍 -2% - +2% -1.67ms - +2.06ms	-	faster ✔ 18% - 21% 19.51ms - 23.72ms
previous-release previous-release	110.96ms - 114.27ms	slower ❌ 21% - 27% 19.69ms - 23.94ms	slower ❌ 21% - 26% 19.51ms - 23.72ms	-

update

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	720.62ms - 740.68ms	-	unsure 🔍 -3% - +1% -18.54ms - +9.30ms	faster ✔ 9% - 12% 69.44ms - 99.56ms
tip-of-tree tip-of-tree	725.61ms - 744.93ms	unsure 🔍 -1% - +3% -9.30ms - +18.54ms	-	faster ✔ 8% - 12% 65.06ms - 94.70ms
previous-release previous-release	803.91ms - 826.39ms	slower ❌ 9% - 14% 69.44ms - 99.56ms	slower ❌ 9% - 13% 65.06ms - 94.70ms	-

update-reflect

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	771.93ms - 795.95ms	-	unsure 🔍 -3% - +1% -22.68ms - +7.62ms	faster ✔ 3% - 7% 21.66ms - 56.90ms
tip-of-tree tip-of-tree	782.23ms - 800.70ms	unsure 🔍 -1% - +3% -7.62ms - +22.68ms	-	faster ✔ 2% - 6% 15.89ms - 47.61ms
previous-release previous-release	810.32ms - 836.11ms	slower ❌ 3% - 7% 21.66ms - 56.90ms	slower ❌ 2% - 6% 15.89ms - 47.61ms	-

lit-html-kitchen-sink

• Browser: chrome-headless 92.0.4515.131
• Sample size: 30
• Built by: Benchmarks #1803

• Commit: 5da07b1

render

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	38.30ms - 41.02ms	-	unsure 🔍 -2% - +9% -0.67ms - +3.38ms	faster ✔ 26% - 35% 13.98ms - 21.10ms
tip-of-tree tip-of-tree	36.80ms - 39.81ms	unsure 🔍 -8% - +2% -3.38ms - +0.67ms	-	faster ✔ 28% - 38% 15.28ms - 22.51ms
previous-release previous-release	53.91ms - 60.49ms	slower ❌ 35% - 54% 13.98ms - 21.10ms	slower ❌ 39% - 60% 15.28ms - 22.51ms	-

update

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	109.68ms - 120.49ms	-	unsure 🔍 -5% - +9% -5.79ms - +9.71ms	unsure 🔍 -11% - +4% -12.89ms - +4.88ms
tip-of-tree tip-of-tree	107.57ms - 118.68ms	unsure 🔍 -8% - +5% -9.71ms - +5.79ms	-	unsure 🔍 -12% - +2% -14.94ms - +3.02ms
previous-release previous-release	112.03ms - 126.15ms	unsure 🔍 -4% - +11% -4.88ms - +12.89ms	unsure 🔍 -3% - +13% -3.02ms - +14.94ms	-

nop-update

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	35.18ms - 40.32ms	-	unsure 🔍 -11% - +7% -4.19ms - +2.90ms	unsure 🔍 -9% - +11% -3.44ms - +4.09ms
tip-of-tree tip-of-tree	35.95ms - 40.83ms	unsure 🔍 -8% - +11% -2.90ms - +4.19ms	-	unsure 🔍 -7% - +13% -2.70ms - +4.64ms
previous-release previous-release	34.68ms - 40.17ms	unsure 🔍 -11% - +9% -4.09ms - +3.44ms	unsure 🔍 -12% - +7% -4.64ms - +2.70ms	-

lit-html-repeat

• Browser: chrome-headless 92.0.4515.131
• Sample size: 30
• Built by: Benchmarks #1803

• Commit: 5da07b1

render

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	12.59ms - 13.32ms	-	unsure 🔍 -5% - +2% -0.68ms - +0.29ms	faster ✔ 9% - 15% 1.30ms - 2.25ms
tip-of-tree tip-of-tree	12.83ms - 13.47ms	unsure 🔍 -2% - +5% -0.29ms - +0.68ms	-	faster ✔ 8% - 14% 1.13ms - 2.02ms
previous-release previous-release	14.42ms - 15.04ms	slower ❌ 10% - 18% 1.30ms - 2.25ms	slower ❌ 8% - 16% 1.13ms - 2.02ms	-

update

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	374.20ms - 392.21ms	-	unsure 🔍 -6% - +0% -22.89ms - +0.72ms	faster ✔ 28% - 33% 154.52ms - 182.40ms
tip-of-tree tip-of-tree	386.65ms - 401.93ms	unsure 🔍 -0% - +6% -0.72ms - +22.89ms	-	faster ✔ 27% - 30% 144.27ms - 170.47ms
previous-release previous-release	541.02ms - 562.30ms	slower ❌ 40% - 48% 154.52ms - 182.40ms	slower ❌ 36% - 44% 144.27ms - 170.47ms	-

lit-html-template-heavy

• Browser: chrome-headless 92.0.4515.131
• Sample size: 50
• Built by: Benchmarks #1803

• Commit: 5da07b1

render

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	61.77ms - 64.28ms	-	unsure 🔍 -2% - +4% -0.94ms - +2.50ms	faster ✔ 14% - 18% 10.24ms - 13.94ms
tip-of-tree tip-of-tree	61.07ms - 63.42ms	unsure 🔍 -4% - +1% -2.50ms - +0.94ms	-	faster ✔ 15% - 19% 11.07ms - 14.66ms
previous-release previous-release	73.76ms - 76.47ms	slower ❌ 16% - 22% 10.24ms - 13.94ms	slower ❌ 18% - 24% 11.07ms - 14.66ms	-

update

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	121.27ms - 126.74ms	-	unsure 🔍 -4% - +2% -5.01ms - +2.53ms	faster ✔ 10% - 16% 13.59ms - 22.58ms
tip-of-tree tip-of-tree	122.65ms - 127.84ms	unsure 🔍 -2% - +4% -2.53ms - +5.01ms	-	faster ✔ 9% - 15% 12.43ms - 21.26ms
previous-release previous-release	138.52ms - 145.66ms	slower ❌ 11% - 18% 13.59ms - 22.58ms	slower ❌ 10% - 17% 12.43ms - 21.26ms	-

reactive-element-list

• Browser: chrome-headless 92.0.4515.131
• Sample size: 50
• Built by: Benchmarks #1802

• Commit: 038ce35

render

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	77.62ms - 79.87ms	-	unsure 🔍 -2% - +2% -1.72ms - +1.20ms	unsure 🔍 -1% - +3% -0.87ms - +1.97ms
tip-of-tree tip-of-tree	78.08ms - 79.93ms	unsure 🔍 -2% - +2% -1.20ms - +1.72ms	-	unsure 🔍 -1% - +3% -0.45ms - +2.07ms
previous-release previous-release	77.34ms - 79.05ms	unsure 🔍 -2% - +1% -1.97ms - +0.87ms	unsure 🔍 -3% - +1% -2.07ms - +0.45ms	-

update

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	996.57ms - 1017.92ms	-	unsure 🔍 -2% - +1% -20.05ms - +10.89ms	unsure 🔍 -2% - +2% -15.46ms - +17.54ms
tip-of-tree tip-of-tree	1000.63ms - 1023.02ms	unsure 🔍 -1% - +2% -10.89ms - +20.05ms	-	unsure 🔍 -1% - +2% -11.22ms - +22.46ms
previous-release previous-release	993.63ms - 1018.79ms	unsure 🔍 -2% - +2% -17.54ms - +15.46ms	unsure 🔍 -2% - +1% -22.46ms - +11.22ms	-

update-reflect

Version	Avg time	vs this-change	vs tip-of-tree tip-of-tree	vs previous-release previous-release
this-change	1069.46ms - 1098.72ms	-	unsure 🔍 -1% - +2% -12.32ms - +24.49ms	unsure 🔍 -1% - +3% -9.43ms - +28.37ms
tip-of-tree tip-of-tree	1066.84ms - 1089.17ms	unsure 🔍 -2% - +1% -24.49ms - +12.32ms	-	unsure 🔍 -1% - +2% -12.98ms - +19.75ms
previous-release previous-release	1062.65ms - 1086.59ms	unsure 🔍 -3% - +1% -28.37ms - +9.43ms	unsure 🔍 -2% - +1% -19.75ms - +12.98ms	-

_{tachometer-reporter-action v2 for Benchmarks}

[justinfagnani]

This is fine as an existing restriction, but I'd like to dig into this more with the ISE team.

First, in client-side rendering <script> tags in Lit templates will not execute (in SSR they can, but we could make sure they don't).

Then <script> tags can be used for other purposes than executable JS, mainly because they're raw text elements and can contain unescaped "<" characters. The Playground Elements use <script> tags for file content. I've seen syntax highlighters that do the same. I could see cases where you want those to be dynamic...

[rictic]

Yeah, we could add some additional checks here, e.g. that there's a type field of a non-javascript type.

It is the case that even if the type is a javascript type, script tags rendered like this don't typically run, but are we certain that there isn't a way to make them run? e.g. render into an unattached document fragment, then attach that? Something something inert template and clone into document?

[justinfagnani]

I'm not 100% sure if cloning drops the script-created bit, but I'd like to be! Seems like good tests to eventually add.

[justinfagnani]

Can you beak this line up to be < 80 cols?

[rictic]

Done!