Hola,
Igalia has been working on the implementation of Trusted Types for a
while, but it seems an intent to ship was never sent, so I just sent one.
While working on the implementation, we have made a big effort to
improve and extend test coverage. Currently, we are passing all the WPT
tests, except the ones for tentative features that are not part of the
spec:
https://bugzilla.mozilla.org/show_bug.cgi?id=1939805#c7
Because Trusted Types require some extra checks in some APIs accepting
strings, there is a risk for performance regression in critical paths
(e.g. innerHTML setter). We have done our best to mitigate these issues
and at least speedometer looks good. Meta bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1936014
Trusted Types may potentially cause regression with Firefox's UA widgets
and web extensions content script, if they use any "powerful API" in a
page with Trusted Types enforcement enabled. We have detected some of
them and tried to address this issue by skipping Trusted Types checks in
these trusted places ; at this point it probably only remains edge
cases, but it's difficult to know exactly. Relevant bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1948227
https://bugzilla.mozilla.org/show_bug.cgi?id=1990732
Given the above points, the idea is to enable Trusted Types
incrementally and catch any potential regressions asap. As a first step,
we are tentatively enabling Trusted Types in nighly build today:
https://bugzilla.mozilla.org/show_bug.cgi?id=1955251
Frédéric Wang