Draft integration with Trusted Types, take 2. #1247
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -52,9 +52,11 @@ spec:html; type:element | |
| <p>This specification depends on the Infra Standard. [[!INFRA]] | ||
|
|
||
| <p>Some of the terms used in this specification are defined in <cite>Encoding</cite>, | ||
| <cite>Selectors</cite>, <cite>Trusted Types</cite>, <cite>Web IDL</cite>, <cite>XML</cite>, and | ||
| <cite>Namespaces in XML</cite>. | ||
| [[!ENCODING]] | ||
| [[!SELECTORS4]] | ||
| [[!TRUSTED-TYPES]] | ||
| [[!WEBIDL]] | ||
| [[!XML]] | ||
| [[!XML-NAMES]] | ||
|
|
@@ -6033,8 +6035,8 @@ interface Element : Node { | |
| sequence<DOMString> getAttributeNames(); | ||
| DOMString? getAttribute(DOMString qualifiedName); | ||
| DOMString? getAttributeNS(DOMString? namespace, DOMString localName); | ||
| [CEReactions] undefined setAttribute(DOMString qualifiedName, (TrustedType or DOMString) value); | ||
| [CEReactions] undefined setAttributeNS(DOMString? namespace, DOMString qualifiedName, (TrustedType or DOMString) value); | ||
| [CEReactions] undefined removeAttribute(DOMString qualifiedName); | ||
| [CEReactions] undefined removeAttributeNS(DOMString? namespace, DOMString localName); | ||
| [CEReactions] boolean toggleAttribute(DOMString qualifiedName, optional boolean force); | ||
|
|
@@ -6357,7 +6359,8 @@ given a <var>document</var>, <var>localName</var>, <var>namespace</var>, and opt | |
| <ol> | ||
| <li><p>Let <var>oldValue</var> be <var>attribute</var>'s <a for=Attr>value</a>.</p></li> | ||
|
|
||
| <li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var>, with | ||
| <var>attribute</var>'s <a for=Attr>element</a>. | ||
|
|
||
| <li><p><a>Handle attribute changes</a> for <var>attribute</var> with <var>attribute</var>'s | ||
| <a for=Attr>element</a>, <var>oldValue</var>, and <var>value</var>. | ||
|
|
@@ -6409,6 +6412,18 @@ steps: | |
| <a for=Attr>value</a>. | ||
| </ol> | ||
|
|
||
| <p>To <dfn id=concept-element-attributes-validate-and-set-value>validate and set attribute value</dfn> | ||
| {{TrustedType}} or a string <var>value</var> for an <a>attribute</a> <var>attribute</var>, with | ||
| <a for=/>element</a> <var>element</var>: | ||
|
|
||
| <ol> | ||
| <li><p>Let <var>validValue</var> be the result of calling | ||
| <a abstract-op>get Trusted Types-compliant attribute value</a> for <var>attribute</var>, with | ||
| <var>element</var> and <var>value</var>. [[!TRUSTED-TYPES]] | ||
|
|
||
| <li><p>Set <var>attribute</var>'s <a for=Attr>value</a> to <var>validValue</var>. | ||
| </ol> | ||
|
|
||
| <hr> | ||
|
|
||
| <div algorithm> | ||
|
|
@@ -6471,6 +6486,9 @@ string <var>namespace</var> (default null):</p> | |
|
|
||
| <li><p>If <var>oldAttr</var> is <var>attr</var>, return <var>attr</var>. | ||
|
|
||
| <li><p><a>Validate and set attribute value</a> <var>newAttr</var>'s <a for="Attr">value</a> for | ||
| <var>newAttr</var> with <var>element</var>. | ||
|
|
||
| <li><p>If <var>oldAttr</var> is non-null, then <a lt="replace an attribute">replace</a> | ||
| <var>oldAttr</var> with <var>attr</var>. | ||
|
|
||
|
|
@@ -6482,21 +6500,30 @@ string <var>namespace</var> (default null):</p> | |
|
|
||
| <div algorithm> | ||
| <p>To <dfn export id=concept-element-attributes-set-value>set an attribute value</dfn> given an | ||
| <a for=/>element</a> <var>element</var>, a string <var>localName</var>, a string or {{TrustedType}} | ||
| <var>value</var>, an optional null or string <var>prefix</var> (default null), and an optional null | ||
| or string <var>namespace</var> (default null): | ||
|
|
||
| <ol> | ||
| <li>Let <var>attribute</var> be the result of | ||
| <a lt="get an attribute by namespace and local name">getting an attribute</a> given | ||
| <var>namespace</var>, <var>localName</var>, and <var>element</var>. | ||
|
|
||
| <li> | ||
| <p>If <var>attribute</var> is null, then: | ||
| <ol> | ||
| <li><p>Set <var>attribute</var> to a new <a>attribute</a> whose <a for=Attr>namespace</a> is | ||
| <var>namespace</var>, <a for=Attr>namespace prefix</a> is <var>prefix</var>, | ||
| <a for=Attr>local name</a> is <var>localName</var> and <a for=Node>node document</a> is | ||
| <var>element</var>'s <a for=Node>node document</a>. | ||
|
|
||
| <li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var> with | ||
| <var>element</var>. | ||
|
|
||
| <li><p><a lt="append an attribute">Append</a> <var>attribute</var> to <var>element</var>. | ||
|
There was a problem hiding this comment. This is problematic. Validation may have run scripts, and scripts may have already added another attribute with same name. That can't be allowed. There was a problem hiding this comment. Addressed in #1268 by rechecking the attribute state and throwing an exception if the default policy has done something funky. |
||
|
|
||
| <li><p>Return. | ||
| </ol> | ||
|
|
||
| <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>. | ||
| </ol> | ||
|
|
@@ -6759,10 +6786,21 @@ method steps are: | |
| and null otherwise. | ||
| <!-- This is step 2 of "get an attribute by name", modified as appropriate --> | ||
|
|
||
| <li> | ||
| <p>If <var>attribute</var> is null, then: | ||
|
|
||
| <ol> | ||
| <li><p>Set <var>attribute</var> to a new <a>attribute</a> whose <a for=Attr>local name</a> is | ||
| <var>qualifiedName</var> and <a for=Node>node document</a> is <a>this</a>'s | ||
| <a for=Node>node document</a>. | ||
|
|
||
| <li><p><a>Validate and set attribute value</a> <var>value</var> for <var>attribute</var>, | ||
| with <a>this</a>. | ||
|
|
||
| <li><p><a lt="append an attribute">Append</a> <var>attribute</var> to <a>this</a>. | ||
|
There was a problem hiding this comment. This has also the problem that since validation may run scripts, the attribute list may now already have attribute with the same name. And validation may throw an exception. (but yeah, in general these checks do need to happen very early when we're about to set an attribute) |
||
|
|
||
| <li><p>Return. | ||
| </ol> | ||
|
|
||
| <li><p><a lt="change an attribute">Change</a> <var>attribute</var> to <var>value</var>. | ||
| </ol> | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably clarify that validation may throw an exception. What should happen in that case?