Contact emails: voge...@chromium.org, mk...@chromium.org, l...@chromium.org
The Sanitizer API wants to build an HTML Sanitizer right into the web platform. The goal is to make it easier to build XSS-free web applications. The intended contributions of the Sanitizer API are: making a sanitizer more easily accessible to web developers; being easy to use and safe by default; and shifting part of the maintenance burden to the platform.
TAG review status: Pending - In preparation. The WICGroup would like to get one important spec item resolved before sending this off to TAG.
A position statement has been requested. By my reading, the answer received is skeptical but avoids taking a definite stance one way or another. Please follow the link for details.
Web developers: No signals
The goal of this feature is to make security more accessible. We generally consider this feature low risk, since it's an additive feature that does extend or interact with existing platform security mechanisms.
The specification lists several security risks that are being considered during development of the feature:
Goals for experimentation
Mainly, API usability.
There are several open API questions the WICGroup is considering. We hope that a dev trial will give us feedback on whether the API is useful in its current form, and how to proceed with the outstanding questions.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? Yes
Yes - Test coverage will be improved as we go along. On the plus side, both TT + Chromium implementations pass the current tests. :)
Link to entry on the Chrome Platform Status: https://chromestatus.com/feature/5786893650231296