Intent to Implement and Ship: Add toJSON to Trusted Types instances.
80 views
Skip to first unread message
Daniel Vogelheim
Feb 3, 2021, 8:04:20 AM2/3/21
to blink-dev
Contact emails
voge...@chromium.org, ssanf...@chromium.orgExplainer
The issue is briefly explained in a bug against the spec:This follows a recent spec addition, which in turn follows developer feedback, to make sure Trusted Types in JSON.stringify will work as expected. That is, the trusted type gets a toJSON method that returns its string value, and JSON.stringify will thus treat it identically to a string.
Assuming a Trusted Type instance tt with value "value":
Assuming a Trusted Type instance tt with value "value":
- "" + tt // "value"
- Currently: JSON.stringify(tt) // "{}"
- Intended: JSON.stringify(tt) // "\"value\""
- Currently: JSON.stringify(tt) // "{}"
- Intended: JSON.stringify(tt) // "\"value\""
Specification
https://w3c.github.io/webappsec-trusted-types/dist/spec/#trusted-types(search for toJSON)
API spec
YesSummary
Adopt a recent spec change to add a toJSON method to Trusted Types instances, so that they will behave as expected when passed to JSON.stringify.
Blink component
Blink>SecurityFeature(In Monorail: Blink>SecurityFeature>TrustedTypes )
TAG review
n/aRisks
Interoperability and Compatibility
Minor compatibility risk, in that existing Trusted Type adopters might have(inadvertently) relied on the existing behaviour.
Gecko: No signal
Edge: No signal
WebKit: No signal
Web developers: No signals
Gecko: No signal
Edge: No signal
WebKit: No signal
Web developers: No signals
Is this feature fully tested by web-platform-tests?
Will be.Link to entry on the Chrome Platform Status
https://www.chromestatus.com/feature/6304682769121280This intent message was generated by Chrome Platform Status. (+ edits)
Mike West
Feb 3, 2021, 8:44:50 AM2/3/21
to Daniel Vogelheim, blink-dev
LGTM1.
This is a very minor addition that seems reasonably wrapped up in the wider review of Trusted Types. I don't think there's much value in requiring a TAG review for this, above and beyond the review for the feature itself (https://github.com/w3ctag/design-reviews/issues/198). Likewise, I expect other vendors' opinions to be wrapped up in their opinions of the feature (which, AFAIK, haven't changed since we shipped Trusted Types in mid-2020: https://mozilla.github.io/standards-positions/#trusted-types, and the discussion around https://github.com/mozilla/standards-positions/issues/20#issuecomment-584793239).
-mike
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPOejSmF-VS6YS4axnJQ9DLyymTCMERhtK0KiCc_d3-Dqg%40mail.gmail.com.
yo...@yoav.ws
Feb 4, 2021, 3:47:25 AM2/4/21
to blink-dev, mk...@chromium.org, blink-dev, Daniel Vogelheim
LGTM2
Daniel Bratell
Feb 4, 2021, 2:56:26 PM2/4/21
to yo...@yoav.ws, blink-dev, mk...@chromium.org, Daniel Vogelheim
LGTM3
/Daniel
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f8349ceb-69c6-4613-873d-fda9a8332b08n%40chromium.org.
Reply all
Reply to author
Forward
0 new messages