The Sanitizer API offers an easy-to-use, safe-by-default HTML sanitizer, which developers can use to remove content that may execute script from arbitrary, user-supplied HTML. The goal is to make it easier to build XSS-free web applications.
User input sanitization is a necessary and common activity in many web applications, but it is difficult to get right. As a component of the web platform, the sanitizer implementation is easier to harden and keep up to date than a per-site library. Offering a high-quality sanitizer with good defaults (without blocking developers from using their own configuration, if they choose) would improve security and make it more accessible.
This follows a previous attempt at establishing a Sanitizer API (https://chromestatus.com/feature/5786893650231296), which we subsequently unshipped (https://chromestatus.com/feature/5115076981293056). The specification has progressed in the meantime and we believe it is worth restarting implementation work in Chrome/Chromium. The WHATWG HTML group has labelled this spec as 'stage 2' (https://github.com/whatwg/html/issues?q=is%3Aissue+is%3Aopen+label%3A%22stage%3A+2%22+) in the HTML stages process (https://whatwg.org/stages#stage2).
https://wicg.github.io/sanitizer-api/#security-considerations
None. (This modifies Element.setHTMLUnsafe by adding a second parameter, but behaviour without that second parameter should be identical.)
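The following is an added example, not code from this chromestatus entry or from the Chromium project, showing how a page would consume the API described in the summary above and the two-parameter form of Element.setHTMLUnsafe mentioned in the interop note: the safe default setHTML() path, setHTML() with a caller-supplied allow list, setHTMLUnsafe() with a config, and a guard that refuses to fall back to innerHTML when the API is missing. The option shape ({ sanitizer: config }) and the config keys (elements, attributes, comments, dataAttributes) follow the WICG draft at the time of writing and are an assumption to check against the spec version your target browser implements; the untrusted input and the allow list are constructed for the example.

```javascript
// Added example, not code from the chromestatus entry or from Chromium: how a page
// consumes the Sanitizer API, plus a guard that refuses to fall back to innerHTML.
// The option shape ({ sanitizer: config }) and the config keys (elements, attributes,
// comments, dataAttributes) follow the WICG draft; confirm them against the spec
// version your target browser implements, since the draft has changed between revisions.

// Constructed untrusted input carrying the usual script-bearing constructs.
const UNTRUSTED_HTML =
  '<p onclick="alert(1)">hi <b>there</b></p>' +
  '<img src="x" onerror="alert(2)">' +
  '<script>alert(3)</script>' +
  '<a href="javascript:alert(4)">link</a>';

// Illustrative allow list for a comment box: anything not named here is dropped.
// Stricter than the built-in default, which is the point of an explicit config.
const COMMENT_BOX_CONFIG = {
  elements: ['p', 'b', 'i', 'a', 'ul', 'li'],
  attributes: ['href', 'title'],
  comments: false,
  dataAttributes: false,
};

function supportsSanitizerApi(el) {
  return typeof el.setHTML === 'function' && typeof el.setHTMLUnsafe === 'function';
}

function requireSanitizerApi(el) {
  // Deliberately no innerHTML fallback: silently degrading to an unsanitized
  // assignment is exactly the bug this API exists to prevent.
  if (!supportsSanitizerApi(el)) {
    throw new Error('Sanitizer API unavailable; refusing to fall back to innerHTML');
  }
}

// Safe-by-default path: setHTML() with no options applies the built-in safe config.
function renderUntrusted(el, html) {
  requireSanitizerApi(el);
  el.setHTML(html);
  return el;
}

// Custom allow list, still safe: setHTML() applies the config and additionally
// strips known script-capable elements and attributes, so a permissive config
// cannot reintroduce XSS through this entry point.
function renderUntrustedWithConfig(el, html, config) {
  requireSanitizerApi(el);
  el.setHTML(html, { sanitizer: config });
  return el;
}

// The second parameter on setHTMLUnsafe() is the one the interop note refers to:
// the config is applied as given, with no safety baseline on top. Without the
// parameter, setHTMLUnsafe() performs no sanitization at all. Reserve this for
// markup you already trust and only need to shape, never for user-supplied content.
function renderTrustedWithConfig(el, html, config) {
  requireSanitizerApi(el);
  el.setHTMLUnsafe(html, { sanitizer: config });
  return el;
}

// In a browser that ships the API this prints the stripped markup; outside a
// browser (e.g. Node) the block is skipped and the functions above stay usable.
if (typeof document !== 'undefined') {
  const box = document.createElement('div');
  renderUntrusted(box, UNTRUSTED_HTML);
  console.log('default config:', box.innerHTML);
  renderUntrustedWithConfig(box, UNTRUSTED_HTML, COMMENT_BOX_CONFIG);
  console.log('comment box config:', box.innerHTML);
}
```

The guard matters more than it looks: a feature-detect that falls back to `innerHTML` turns a missing API into a silent XSS sink, so the wrapper throws instead. The choice between the two configured paths is the same one the interop note encodes: setHTML() keeps the safe baseline regardless of config, setHTMLUnsafe() trusts the config alone.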
These APIs are readily accessible and testable using DevTools.
WPT has a comprehensive test suite, in the sanitizer-api/ directory. However, the current directory contains a mix of old-API and new-API tests and needs more work. https://wpt.fyi/results/sanitizer-api?label=experimental&label=master&aligned