diff --git a/index.bs b/index.bs index 921b2ead..e2f145b6 100644 --- a/index.bs +++ b/index.bs @@ -6353,8 +6353,10 @@ The following extended attributes are applicable [{{AllowResizable}}], [{{AllowShared}}], [{{Clamp}}], -[{{EnforceRange}}], and -[{{LegacyNullToEmptyString}}]. +[{{EnforceRange}}], +[{{LegacyNullToEmptyString}}], and +[{{StringContext}}]. +
The extended attributes associated with @@ -10259,6 +10261,39 @@ that does specify [{{SecureContext}}].
+

[StringContext]

+ +If the [{{StringContext}}] [=extended attribute=] appears on {{DOMString}} or {{USVString}}, it +modifies how the value is converted to the IDL type, causing additional value validation to +adhere to the context the string is used in. + +The [{{StringContext}}] extended attribute must [=takes an identifier|take an identifier=]. The [=identifier=] +must be one of "TrustedHTML", "TrustedScript", and "TrustedScriptURL". + +The [{{StringContext}}] extended attribute may only annotate a type of a [=regular attribute=] or +a [=regular operation=] argument. A type annotated with the [{{StringContext}}] +extended attribute must not appear in a [=read only=] attribute. + +A type that is not {{DOMString}} or {{USVString}} must not be [=extended attributes associated with|associated with=] +the [{{StringContext}}] extended attribute. + +The [{{StringContext}}] extended attribute must not be used on only some of the [=overloaded|overloads=] of an +[=overloaded=] [=operation=]. + +
+ + In the following [=IDL fragment=], + a [=variadic=] [=operation=] is declared + that uses the [{{StringContext}}] [=extended attribute=] + on all its arguments: + + 
+        interface Document {
+          void write([StringContext=TrustedHTML] DOMString... text);
+        };
+
+
+

[Unscopable]

@@ -11056,6 +11091,21 @@ allowed. The security check takes the following three inputs: Note: The HTML Standard defines how a security check is performed. [[!HTML]] +Certain algorithms are defined to +validate the string in context on a given +value. This check is used to determine whether a given value +is appropriate for its {{StringContext}}. This validation takes the following four inputs: + +1. the [=platform object=] on + which the operation invocation or attribute access is being done, +1. the value to validate, +1. the {{StringContext}} [=identifier=], and +1. the [=identifier=] of the operation or attribute. + +The algorithm returns an ECMAScript value, or [=JavaScript/throws=] a {{TypeError}}. + +Note: The HTML Standard defines how the validation is performed. [[!HTML]] +

Overload resolution algorithm

@@ -11092,8 +11142,16 @@ Note: The HTML Standard defines how a security check is performed. [[!HTML]] 1. If the argument at index |i| is declared with a [=optional argument/default value=], then append to |values| that default value. 1. Otherwise, append to |values| the special value “missing”. - 1. Otherwise, append to |values| the result of [=converted to an IDL value|converting=] - |V| to IDL type |type|. + 1. Otherwise: + 1. If |type| is an IDL type [=extended attribute associated with|associated with=] the + [{{StringContext}}] extended attribute, then set |V| to the result of performing + [=validate the string in context=], passing [=this=], |V|, the {{StringContext}} + extended attribute [=identifier=], and the [=identifier=] + of the [=operation=] or [=extended attribute=] of the first entry in |S|. + + Note: That algorithm can [=JavaScript/throw=] a {{TypeError}}. + 1. Append to |values| the result of [=converted to an IDL value|converting=] + |V| to IDL type |type|. 1. Set |i| to |i| + 1. 1. If |i| = |d|, then: 1. Let |V| be |args|[|i|]. @@ -11292,8 +11350,16 @@ Note: The HTML Standard defines how a security check is performed. [[!HTML]] 1. If the argument at index |i| is declared with a [=optional argument/default value=], then append to |values| that default value. 1. Otherwise, append to |values| the special value “missing”. - 1. Otherwise, append to |values| the result of - [=converted to an IDL value|converting=] |V| to IDL type |type|. + 1. Otherwise: + 1. If |type| is an IDL type [=extended attribute associated with|associated with=] the + [{{StringContext}}] extended attribute, then set |V| to the result of performing + [=validate the string in context=], passing [=this=], |V|, the {{StringContext}} + extended attribute [=identifier=], and the [=identifier=] + of |callable|. + + Note: That algorithm can [=JavaScript/throw=] a {{TypeError}}. + 1. Append to |values| the result of [=converted to an IDL value|converting=] + |V| to IDL type |type|. 1. Set |i| to |i| + 1. 1. While |i| is less than the number of arguments |callable| is declared to take: 1. If |callable|'s argument at index |i| is declared with a [=optional argument/default value=], @@ -11982,8 +12048,14 @@ in which case they are exposed on every object that [=implements=] the interface
Otherwise
- |idlValue| is the result of [=converted to an IDL value|converting=] |V| to an - IDL value of |attribute|'s type. + 1. If |attribute|'s type is [=extended attribute associated with|associated with=] the + [{{StringContext}}] extended attribute, then set |V| to the result of performing + [=validate the string in context=], passing [=this=], |V|, the {{StringContext}} + extended attribute [=identifier=], and |id|. + + Note: That algorithm can [=JavaScript/throw=] a {{TypeError}}. + 1. |idlValue| is the result of [=converted to an IDL value|converting=] |V| to an + IDL value of |attribute|'s type.