Skip to content

Commit

Permalink
Renamed window.TrustedTypes to window.trustedTypes (#205)
Browse files Browse the repository at this point in the history
Fixed #177.

The polyfill will copy existing (i.e. native) window.TrustedTypes to window.trustedTypes.

Please use window.trustedTypes or (window.trustedTypes || window.TrustedTypes) from now on.
  • Loading branch information
koto authored Aug 8, 2019
1 parent 84d6179 commit 84aedb6
Show file tree
Hide file tree
Showing 21 changed files with 171 additions and 144 deletions.
10 changes: 5 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ The ES5 / ES6 builds can be loaded directly in the browsers. There are two varia
<!-- API only -->
<script src="https://wicg.github.io/trusted-types/dist/es5/trustedtypes.api_only.build.js"></script>
<script>
const p = TrustedTypes.createPolicy('foo', ...)
const p = trustedTypes.createPolicy('foo', ...)
document.body.innerHTML = p.createHTML('foo'); // works
document.body.innerHTML = 'foo'; // but this one works too (no enforcement).
</script>
Expand All @@ -35,8 +35,8 @@ The ES5 / ES6 builds can be loaded directly in the browsers. There are two varia
<!-- Full -->
<script src="https://wicg.github.io/trusted-types/dist/es5/trustedtypes.build.js" data-csp="trusted-types foo bar"></script>
<script>
TrustedTypes.createPolicy('foo', ...);
TrustedTypes.createPolicy('unknown', ...); // throws
trustedTypes.createPolicy('foo', ...);
trustedTypes.createPolicy('unknown', ...); // throws
document.body.innerHTML = 'foo'; // throws
</script>
```
Expand All @@ -57,10 +57,10 @@ tt.createPolicy(...);
### Tinyfill

Due to the way the API is designed, it's possible to polyfill the most important
API surface (`TrustedTypes.createPolicy` function) with the following snippet:
API surface (`trustedTypes.createPolicy` function) with the following snippet:

```javascript
if(typeof TrustedTypes == 'undefined')TrustedTypes={createPolicy:(n, rules) => rules};
if(typeof trustedTypes == 'undefined')trustedTypes={createPolicy:(n, rules) => rules};
```

It does not enable the enforcement, but allows the creation of policies that
Expand Down
6 changes: 3 additions & 3 deletions demo/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ <h1>Trusted Types demo</h1>
(function() {
// Create an unsafe policy - it can only be used on a trusted input,
// inside of this function.
var policy = TrustedTypes.createPolicy('unsafe', {
var policy = trustedTypes.createPolicy('unsafe', {
'createHTML': function(unsafe) {
return unsafe;
},
Expand All @@ -58,7 +58,7 @@ <h1>Trusted Types demo</h1>
})();

// Create escaping policy
var escapePolicy = TrustedTypes.createPolicy('escape', {
var escapePolicy = trustedTypes.createPolicy('escape', {
'createHTML': function(unsafe) {
return unsafe
.replace(/&/g, "&amp;")
Expand Down Expand Up @@ -128,7 +128,7 @@ <h1>Trusted Types demo</h1>
el.appendChild(document.createElement('script')).src = 'data:,';
}, true);
runTest(['creating policy from outside whitelist'], function(el) {
TrustedTypes.createPolicy('foo', {});
trustedTypes.createPolicy('foo', {});
}, true);

</script>
Expand Down
26 changes: 18 additions & 8 deletions dist/cjs/trustedtypes.api_only.js
Original file line number Diff line number Diff line change
Expand Up @@ -565,7 +565,7 @@ const trustedTypesBuilderTestOnly = function() {
}
} else {
// eslint-disable-next-line no-console
console.warn('TrustedTypes.createPolicy ' + pName +
console.warn('trustedTypes.createPolicy ' + pName +
' was given an empty policy');
}
freeze(innerPolicy);
Expand Down Expand Up @@ -637,7 +637,7 @@ const trustedTypesBuilderTestOnly = function() {
});

return {
TrustedTypes: freeze(api),
trustedTypes: freeze(api),
setAllowedPolicyNames,
getDefaultPolicy,
resetDefaultPolicy,
Expand All @@ -646,7 +646,7 @@ const trustedTypesBuilderTestOnly = function() {


const {
TrustedTypes,
trustedTypes,
setAllowedPolicyNames,
getDefaultPolicy,
resetDefaultPolicy,
Expand All @@ -661,15 +661,25 @@ const {
* https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document
*/

const tt = TrustedTypes;
const tt = trustedTypes;

/**
* Sets up the public Trusted Types API in the global object.
*/
function setupPolyfill() {
// Make sure Closure compiler exposes the names.
if (typeof window === 'undefined' ||
typeof window['TrustedTypes'] !== 'undefined') {
// We use array accessors to make sure Closure compiler will not alter the
// names of the properties..
if (typeof window === 'undefined') {
return;
}
const rootProperty = 'trustedTypes';

// Convert old window.TrustedTypes to window.trustedTypes.
if (window['TrustedTypes'] && typeof window[rootProperty] === 'undefined') {
window[rootProperty] = Object.freeze(window['TrustedTypes']);
}

if (typeof window[rootProperty] !== 'undefined') {
return;
}

Expand All @@ -687,7 +697,7 @@ function setupPolyfill() {
'emptyHTML': tt.emptyHTML,
'_isPolyfill_': true,
});
window['TrustedTypes'] = Object.freeze(publicApi);
window[rootProperty] = Object.freeze(publicApi);

window['TrustedHTML'] = tt.TrustedHTML;
window['TrustedURL'] = tt.TrustedURL;
Expand Down
10 changes: 5 additions & 5 deletions dist/es5/trustedtypes.api_only.build.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/es5/trustedtypes.api_only.build.js.map

Large diffs are not rendered by default.

Loading

0 comments on commit 84aedb6

Please sign in to comment.