Update unsafe methods to use new trusted types integration (#234)

See whatwg/html@8e5944d for change to HTML spec.
WICG · Jun 24, 2024 · c39463e · c39463e
1 parent c8e529d
commit c39463e
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/index.bs b/index.bs
@@ -109,17 +109,19 @@ markup, and an optional configuration.
 
 <pre class="idl extract">
 partial interface Element {
-  [CEReactions] undefined setHTMLUnsafe(HTMLString html, optional SetHTMLOptions options = {});
+  [CEReactions] undefined setHTMLUnsafe((TrustedHTML or DOMString) html, optional SetHTMLOptions options = {});
   [CEReactions] undefined setHTML(DOMString html, optional SetHTMLOptions options = {});
 };
 </pre>
 
 <div algorithm="DOM-Element-setHTMLUnsafe" export>
 {{Element}}'s <dfn for="DOM/Element">setHTMLUnsafe</dfn>(|html|, |options|) method steps are:
 
+1. Let |compliantHTML| be the result of invoking the [$Get Trusted Type compliant string$] algorithm with
+   {{TrustedHTML}}, [=this=]'s [=relevant global object=], |html|, "Element setHTMLUnsafe", and "script".
 1. Let |target| be [=this=]'s [=template contents=] if [=this=] is a
    {{HTMLTemplateElement|template}} element; otherwise [=this=].
-1. [=Set and filter HTML=] given |target|, [=this=], |html|, |options|, and false.
+1. [=Set and filter HTML=] given |target|, [=this=], |compliantHTML|, |options|, and false.
 
 </div>
 
@@ -134,7 +136,7 @@ partial interface Element {
 
 <pre class="idl extract">
 partial interface ShadowRoot {
-  [CEReactions] undefined setHTMLUnsafe(HTMLString html, optional SetHTMLOptions options = {});
+  [CEReactions] undefined setHTMLUnsafe((TrustedHTML or DOMString) html, optional SetHTMLOptions options = {});
   [CEReactions] undefined setHTML(DOMString html, optional SetHTMLOptions options = {});
 };
 </pre>
@@ -144,9 +146,11 @@ These methods are mirrored on the {{ShadowRoot}}:
 <div algorithm="ShadowRoot-setHTMLUnsafe" export>
 {{ShadowRoot}}'s <dfn for="DOM/ShadowRoot">setHTMLUnsafe</dfn>(|html|, |options|) method steps are:
 
+1. Let |compliantHTML| be the result of invoking the [$Get Trusted Type compliant string$] algorithm with
+   {{TrustedHTML}}, [=this=]'s [=relevant global object=], |html|, "ShadowRoot setHTMLUnsafe", and "script".
 1. [=Set and filter HTML=] using [=this=],
    [=this=]'s [=shadow host=] (as context element),
-   |html|, |options|, and false.
+   |compliantHTML|, |options|, and false.
 
 </div>
 
@@ -162,19 +166,21 @@ The {{Document}} interface gains two new methods which parse an entire {{Documen
 
 <pre class="idl extract">
 partial interface Document {
-  static Document parseHTMLUnsafe(HTMLString html, optional SetHTMLOptions options = {});
+  static Document parseHTMLUnsafe((TrustedHTML or DOMString) html, optional SetHTMLOptions options = {});
   static Document parseHTML(DOMString html, optional SetHTMLOptions options = {});
 };
 </pre>
 
 <div algorithm="parseHTMLUnsafe" export>
 The <dfn for="DOM/Document">parseHTMLUnsafe</dfn>(|html|, |options|) method steps are:
 
+1. Let |compliantHTML| be the result of invoking the [$Get Trusted Type compliant string$] algorithm with
+   {{TrustedHTML}}, [=this=]'s [=relevant global object=], |html|, "Document parseHTMLUnsafe", and "script".
 1. Let |document| be a new {{Document}}, whose [=Document/content type=] is "text/html".
 
    Note: Since |document| does not have a browsing context, scripting is disabled.
 1. Set |document|'s [=allow declarative shadow roots=] to true.
-1. [=Parse HTML from a string=] given |document| and |html|.
+1. [=Parse HTML from a string=] given |document| and |compliantHTML|.
 1. Let |config| be the result of calling [=get a sanitizer config from options=]
    with |options| and false.
 1. If |config| is not [=list/empty=],