Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create commonly used and harmless constants like TrustedHTML.EMPTY #95

Closed
koto opened this issue Oct 30, 2018 · 7 comments · Fixed by #173
Closed

Create commonly used and harmless constants like TrustedHTML.EMPTY #95

koto opened this issue Oct 30, 2018 · 7 comments · Fixed by #173
Labels
spec

Comments

@koto
Copy link
Member

koto commented Oct 30, 2018

It's often the case that the applications would want an empty string to assign it to innerHTML. Consider exposing a TrustedHTML wrapping an empty string without needing a policy to create it, e.g. as a static property of TrustedHTML object.
@koto koto added the spec label Jan 17, 2019
@koto
Copy link
Member Author

koto commented Jan 31, 2019

Also TrustedURL.HASH, see thread

@koto koto changed the title Create TrustedHTML.EMPTY Create commonly used and harmless constants like TrustedHTML.EMPTY Jan 31, 2019
@vrana
Copy link
Collaborator

vrana commented Jan 31, 2019

The EMPTY constants seem fine but I'm opposed to TrustedURL.HASH. There's no reason to use # alone as URL. It's only used to put there (usually in a.href) something that is later ignored (because the event handler stops the propagation). Anything else would work too, e.g. TrustedURL.EMPTY. Using # and not stopping the propagation causes the page to jump to the top which is a poor experience and we shouldn't encourage that by adding a constant for #.

@koto
Copy link
Member Author

koto commented Feb 27, 2019

Filed a request for TrustedHTML.EMPTY at https://bugs.chromium.org/p/chromium/issues/detail?id=936436

@mikesamuel
Copy link
Collaborator

Would a solution to issue #96 obviate this?

@xtofian
Copy link

xtofian commented Mar 27, 2019

Would a solution to issue #96 obviate this?

I think so.

I'd lean towards making these sorts of constants not part of the standard, but rather leave it to a (reference) builder library to provide. Either as explicit symbols, or via template literals, which would allow you to write
trustedHTML`` and trustedURL`#`.

@koto
Copy link
Member Author

koto commented Mar 27, 2019

I'm for keeping TrustedHTML.EMPTY as part of the standard. It's an easy way to facilitate rewriting existing code that doesn't require to use policies. For example, code linters might automatically refactor the code without any side-effects (assuming some minimal polyfill exists, or the replacement tests for the existence of the property first).

@koto
Copy link
Member Author

koto commented May 16, 2019

The empty HTML constant was implemented in http://crbug.com/936436. Due to naming conventions and other concerns it will be available at the factory level, so currently:

const html = TrustedTypes.emptyHTML

(tests at https://github.com/web-platform-tests/wpt/blob/master/trusted-types/TrustedTypePolicyFactory-constants.tentative.html).

I'll follow up with the polyfill implementation.

koto added a commit to koto/trusted-types that referenced this issue May 16, 2019
@koto
Added TrustedTypes.emptyHTML implementation.
6e7fdda 
Fixes w3c#95.
@koto koto mentioned this issue May 16, 2019
Merged
@koto koto closed this as completed in #173 May 16, 2019
koto added a commit that referenced this issue May 16, 2019
@koto
Added TrustedTypes.emptyHTML implementation. (#173)
ecbb9f3 
Fixes #95.
@rachelandrew rachelandrew mentioned this issue Mar 30, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
spec
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added TrustedTypes.emptyHTML implementation. koto/trusted-types
5 participants
@vrana @koto @mikesamuel @xtofian and others