diff --git a/spec/index.bs b/spec/index.bs index 0f72a8f..e6d4e8f 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -670,14 +670,24 @@ Its value is initially « ». 1. Set |localName| to |tagName| in [=ASCII lowercase=]. 1. If |elementNs| is an empty string, set |elementNs| to [=HTML namespace=]. 1. Let |interface| be the [=element interface=] for |localName| and |elementNs|. - 1. If |interface| has an IDL attribute member which identifier is |attribute|, and - {{StringContext}} IDL extended attribute appears on that attribute, return - stringified {{StringContext}}'s identifier and abort further steps. - - Note: This also takes into account all members of [=interface mixins=] that - |interface| [=includes=]. - - 1. Return null. + 1. Let |expectedType| be null. + 1. Find the row in the following table, where the first column is "*" or |interface|'s name, and |property| is in the second column. + If a matching row is found, set |expectedType| to the value of the third column. + + + + + +
ElementProperty nameTrustedType +
{{HTMLIFrameElement}}"srcdoc"{{TrustedHTML}} +
{{HTMLScriptElement}}"innerText"{{TrustedScript}} +
{{HTMLScriptElement}}"src"{{TrustedScriptURL}} +
{{HTMLScriptElement}}"text"{{TrustedScript}} +
{{HTMLScriptElement}}"textContent"{{TrustedScript}} +
"*""innerHTML"{{TrustedHTML}} +
"*""outerHTML"{{TrustedHTML}} +
+ 1. Return |expectedType|.
@@ -699,12 +709,13 @@ Its value is initially « ». 1. If |elementNs| is an empty string, set |elementNs| to [=HTML namespace=]. 1. If |attrNs| is an empty string, set |attrNs| to null. 1. Let |interface| be the [=element interface=] for |localName| and |elementNs|. - 1. If |interface| does not have an IDL <a spec="webidl">attribute</a> that [=reflects=] a content attribute with - |localName| local name and |attrNs| namespace, - return undefined and abort further steps. Otherwise, let |idlAttribute| be that IDL <a spec="webidl">attribute</a>. - 1. If {{StringContext}} IDL extended attribute appears on |idlAttribute|, return - stringified {{StringContext}}'s identifier and abort further steps. - 1. Return null. + 1. Let |expectedType| be null. + 1. Set |attributeData| to the result of [$Get Trusted Type data for attribute$] algorithm, with the following arguments: + * |interface| as |element| + * |attribute| + * |attrNs| + 1. If |attributeData| is not null, then set |expectedType| to the value of the third member of |attributeData|. + 1. Return |expectedType|. <div class="example" id="get-attribute-type-example"> <xmp highlight="js"> @@ -1070,26 +1081,16 @@ Given an {{HTMLScriptElement}} (|script|), this algorithm performs the following ## Get Trusted Types-compliant attribute value ## {#validate-attribute-mutation} To <dfn abstract-op export>get Trusted Types-compliant attribute value</dfn> on {{Attr}} |attribute| with {{Element}} |element| and {{TrustedType}} or a string |newValue|, perform the following steps: -1. Let |expectedType| be null. -1. Let |sink| be null. -1. Find the row in the following table, where |element| is in the first column, and |attribute|'s <a for="Attr">namespace</a> and <a for="Attr">local name</a> match the values in the second and third column, respectively. - If a matching row is found, set |expectedType| and |sink| to the value of the fourth, and fifth column in that row, respectively. - - <table> - <thead> - <tr><th>Element<th>Attribute namespace<th>Attribute local name<th>TrustedType<th>Sink - <tbody> - <tr><td>{{HTMLIFrameElement}}<td>null<td>"srcdoc"<td>{{TrustedHTML}}<td>"HTMLIFrameElement srcdoc" - <tr><td>{{HTMLScriptElement}}<td>null<td>"src"<td>{{TrustedScriptURL}}<td>"HTMLScriptElement src" - <tr><td>{{SVGScriptElement}}<td>null<td>"href"<td>{{TrustedScriptURL}}<td>"SVGScriptElement href" - <tr><td>{{SVGScriptElement}}<td><a>XLink namespace</a><td>"href"<td>{{TrustedScriptURL}}<td>"SVGScriptElement href" - </tbody> - </table> - -1. If |expectedType| is null, then: +1. Set |attributeData| to the result of [$Get Trusted Type data for attribute$] algorithm, with the following arguments: + * |element| + * |attribute|'s <a for="Attr">local name</a> as |attribute| + * |attribute|'s <a for="Attr">namespace</a> as |attributeNs| +1. If |attributeData| is null, then: 1. If |newValue| is a string, return |newValue|. 1. <a>Assert</a>: |newValue| is {{TrustedHTML}} or {{TrustedScript}} or {{TrustedScriptURL}}. 1. Return |value|'s associated data. +1. Let |expectedType| be the value of the third member of |attributeData|. +1. Let |sink| be the value of the fourth member of |attributeData|. 1. Return the result of executing [$Get Trusted Type compliant string$] with the following arguments: * |expectedType| * |newValue| as |input| @@ -1099,7 +1100,30 @@ To <dfn abstract-op export>get Trusted Types-compliant attribute value</dfn> on If the algorithm threw an error, rethrow the error. -Issue: This algorithm should account for event handler attributes. See https://github.com/w3c/trusted-types/issues/474 +## Get Trusted Type data for attribute ## {#get-trusted-type-data-for-attribute} +To <dfn abstract-op>Get Trusted Type data for attribute</dfn> given |element|, |attribute|, |attributeNs|, perform the following steps: + +Issue: The [=event handler content attribute=] concept used below is ambiguous. This spec needs a better mechanism to identify event handler attributes. See [https://github.com/w3c/trusted-types/issues/520](https://github.com/w3c/trusted-types/issues/520). + +1. Let |data| be null. +1. If |attributeNs| is null, and |attribute| is the name of an [=event handler content attribute=], then: + 1. Return ({{Element}}, null, |attribute|, {{TrustedScript}}, "Element " + |attribute|). +1. Find the row in the following table, where |element| is in the first column, |attributeNs| is in the second column, + and |attribute| is in the third column. + If a matching row is found, set |data| to that row. + + <table> + <thead> + <tr><th>Element<th>Attribute namespace<th>Attribute local name<th>TrustedType<th>Sink + <tbody> + <tr><td>{{HTMLIFrameElement}}<td>null<td>"srcdoc"<td>{{TrustedHTML}}<td>"HTMLIFrameElement srcdoc" + <tr><td>{{HTMLScriptElement}}<td>null<td>"src"<td>{{TrustedScriptURL}}<td>"HTMLScriptElement src" + <tr><td>{{SVGScriptElement}}<td>null<td>"href"<td>{{TrustedScriptURL}}<td>"SVGScriptElement href" + <tr><td>{{SVGScriptElement}}<td><a>XLink namespace</a><td>"href"<td>{{TrustedScriptURL}}<td>"SVGScriptElement href" + </tbody> + </table> + +1. Return |data|. # Integrations # {#integrations} @@ -1256,9 +1280,9 @@ abstract operation. User agents must use the following implementation: ### Validate the string in context ### {#html-validate-the-string-in-context} -This specification defines the <a>validate the string in context</a> algorithm in [[html#integration-with-idl]]. +This specification defines the validate the string in context algorithm in [[html#integration-with-idl]]. -When <a>validate the string in context</a> is invoked, with |platformObject|, |value|, |stringContext|, and |identifier| run these steps: +When validate the string in context is invoked, with |platformObject|, |value|, |stringContext|, and |identifier| run these steps: 1. If |platformObject|'s [=relevant global object=] has a [=Window/trusted type policy factory=]: