The Sanitizer API offers an easy-to-use, safe-by-default HTML Sanitizer API, which developers can use to remove content that may execute script from arbitrary, user-supplied HTML content. The goal is to make it easier to build XSS-free web applications. The intended contributions of the Sanitizer API are: making a sanitizer more easily accessible to web developers; being easy to use and safe by default; and shifting part of the maintenance burden to the platform. This is the initial "MVP". This implements the current spec except for two features, the .sanitize and .sanitizeFor methods on the Sanitizer object, in order to leave room for more discussion. Our intent is to add the missing features once the discussion has run its course. In all other aspects, this launch faithfully implements the spec as currently written. We feel the current implementation already adds substantial value to the web platform as-is.
This is a new API that does not modify existing behaviour. A comprehensive WPT test suite ensures cross-browser compatibility.
The goal of this feature is to make security more accessible. We generally consider this feature low risk, since it's an additive feature that does not extend or interact with existing platform security mechanisms. The specification lists several security risks that are being considered during development of the feature: https://wicg.github.io/sanitizer-api/#security-considerations
n/a
Sanitizer API can be readily debugged with existing DevTools. It does not have hidden state (or other "special" integration) that would warrant customized DevTools support.
105
The plan of record is to migrate the current WICG spec to HTML proper:
* https://github.com/WICG/sanitizer-api/issues/114
* https://github.com/whatwg/html/issues/7197
Two apparently contentious API choices were removed from this launch, which is what makes this an MVP. By making sure the MVP only contains agreed upon APIs we allow for the future evolution of the API in any direction.
* https://github.com/WICG/sanitizer-api/issues/129
* https://github.com/WICG/sanitizer-api/issues/128
Contact emails
voge...@chromium.org, mk...@chromium.org, l...@chromium.org
Explainer
https://github.com/WICG/sanitizer-api
https://web.dev/sanitizer
Specification
https://wicg.github.io/sanitizer-api
Docs
https://web.dev/sanitizer
https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPNZ1TE5wbApR4-scTLjwKT54vzB_FLjnqbLLth%2BJmLpUQ%40mail.gmail.com.
On Wed, Jun 1, 2022 at 11:09 AM Daniel Vogelheim <voge...@chromium.org> wrote:
So will this only support the `setHTML()` option initially?
On Wed, Jun 1, 2022 at 11:47 AM Yoav Weiss <yoav...@chromium.org> wrote:
So will this only support the `setHTML()` option initially?
Yes, exactly.
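The Summary describes the shipping surface of this launch, and the exchange above confirms that it is `setHTML()` plus a `Sanitizer` configuration, with `.sanitize` and `.sanitizeFor` deferred. The following is an added example of how a page would use that surface while staying safe where the API is absent; it is not code from the intent thread or from the WICG project. It assumes the call shape `element.setHTML(input, { sanitizer })` and the `allowElements` / `allowAttributes` configuration keys of the WICG draft as it stood in mid-2022 (check the current spec before relying on them). The names `renderUntrusted`, `COMMENT_CONFIG`, `FakeSanitizer`, `FakeElement`, `SAMPLE_INPUT` and `demo` are this example's own, and the two `Fake*` classes exist only so the control flow can be exercised outside a browser.

```javascript
// Added example: render untrusted HTML through Element.setHTML() when the
// browser provides the Sanitizer API, and fall back to plain text otherwise.
// Not code from the intent thread or the WICG project. The call shape
// setHTML(input, { sanitizer }) and the allowElements / allowAttributes keys
// follow the WICG draft as of mid-2022 (an assumption; check the current spec).

// Conservative allow-list for rendering user comments. Anything not listed is
// subject to the sanitizer's built-in defaults, which never permit
// script-bearing elements or event-handler attributes.
const COMMENT_CONFIG = {
  allowElements: ['p', 'b', 'i', 'em', 'strong', 'a', 'ul', 'ol', 'li', 'br', 'code'],
  // attribute name -> elements on which it is allowed
  allowAttributes: { href: ['a'], title: ['a'] },
};

/**
 * Render untrustedHtml into target and report which path was taken.
 * SanitizerCtor defaults to the platform's global Sanitizer; it is a parameter
 * only so the control flow can be exercised outside a browser (a convenience of
 * this example, not part of the API).
 */
function renderUntrusted(target, untrustedHtml, config = COMMENT_CONFIG,
                         SanitizerCtor = globalThis.Sanitizer) {
  if (typeof SanitizerCtor === 'function' && typeof target.setHTML === 'function') {
    // Platform path: parsing and sanitization happen inside the browser and the
    // sanitized DOM is written into target; the string never reaches innerHTML.
    target.setHTML(untrustedHtml, { sanitizer: new SanitizerCtor(config) });
    return 'sanitizer';
  }
  // Safe default when the API is absent: render the input as text. Formatting is
  // lost, but nothing in the string can execute. Never fall back to innerHTML here.
  target.textContent = untrustedHtml;
  return 'text';
}

// --- Constructed test doubles so the example runs outside a browser ---
// They only record the calls they receive; they do not sanitize anything.
class FakeSanitizer {
  constructor(config) { this.config = config; }
}
class FakeElement {
  constructor() { this.textContent = ''; this.lastSetHTML = null; }
  setHTML(html, options) { this.lastSetHTML = { html, options }; }
}

// Constructed sample input: a comment with a script element mixed in.
const SAMPLE_INPUT = '<p>Hi <b>there</b></p><script>doSomething()</script>';

function demo() {
  // Browser with the API (simulated): the sanitizer path is taken.
  const withApi = new FakeElement();
  const modeWithApi = renderUntrusted(withApi, SAMPLE_INPUT, COMMENT_CONFIG, FakeSanitizer);

  // Browser without the API: no Sanitizer constructor, no setHTML() on the element.
  const withoutApi = { textContent: '' };
  const modeWithoutApi = renderUntrusted(withoutApi, SAMPLE_INPUT, COMMENT_CONFIG, null);

  return { modeWithApi, withApi, modeWithoutApi, withoutApi };
}

if (typeof module !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

In a real page the call is simply `renderUntrusted(document.getElementById('comment'), userHtml)`; the browser's own `Sanitizer` is picked up by the default parameter. The design point worth keeping is the fallback: when `setHTML()` is unavailable, the input is written with `textContent`, so the absence of the API degrades formatting rather than safety.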
LGTM2
/Daniel
On 2022-06-01 14:48, Yoav Weiss wrote:
LGTM1 % explainer update
On Wed, Jun 1, 2022 at 12:55 PM Daniel Vogelheim <voge...@google.com> wrote:
On Wed, Jun 1, 2022 at 11:47 AM Yoav Weiss <yoav...@chromium.org> wrote:
On Wed, Jun 1, 2022 at 11:09 AM Daniel Vogelheim <voge...@chromium.org> wrote:
Yes, exactly.