WICG/sanitizer-api

Issues

• Handling of omitted vs empty lists

  #268 opened 25 days ago by evilpie
  4

• "fragment parsing algorithm steps" seems to have no third boolean parameter.

  #272 opened 10 days ago by evilpie
  5

• Allow replaceWithChildrenElements together with elements

  #261 opened 10 days ago by evilpie
  0

• Skip unnecessary steps in sanitize core algorithm

  #274 opened 11 days ago by evilpie
  0

• Should we normalize the empty string namespace to null?

  #262 opened 11 days ago by evilpie
  3

• Mixup between Sanitizer and SanitizerConfig parameter types

  #260 opened a month ago by evilpie
  0

• Safe sanitizer default

  #228 opened a year ago by annevk
  2

• Solving safe/unsafe defaults

  #233 opened 10 months ago by annevk
  1

• Sanitizer constructor needs to set configuration with safe

  #273 opened 18 days ago by evilpie
  1

• Duplication of global attributes as element specific attributes in default config

  #271 opened 19 days ago by evilpie
  5

• Ensure sanitizing algorithms can be implemented efficiently

  #259 opened a month ago by smaug----
  6

• Is `get()` not explicit enough?

  #258 opened a month ago by mozfreddyb
  7

• Attribute "dir" is duplicated in the "built-in safe default configuration"

  #264 opened 23 days ago by evilpie
  3

• Spec bugs / clarifications

  #249 opened 3 months ago by otherdaniel
  10

• Sanitizer should not be exposed to Worker context

  #256 opened a month ago by evilpie
  0

• How to handle event handler attributes

  #226 opened 2 months ago by lukewarlow
  24

• Sanitizer vs ARIA

  #245 opened 3 months ago by otherdaniel
  5

• Renaming of the resources folder breaks Symfony CI

  #251 opened 2 months ago by Stoakes
  3

• javascript: URL handling is incorrect

  #246 opened 3 months ago by annevk
  0

• Update whatwg/html's editor checklist to check whether new elements and attributes need to be added to the allow lists

  #206 opened a year ago by mbrodesser-Igalia
  2

• Investigate what to do about HTML element nesting depth

  #227 opened 3 months ago by mozfreddyb
  6

• HTML5lib-style test cases for Sanitizer API WPT tests

  #241 opened 4 months ago by otherdaniel
  6

• otherMarkup

  #240 opened 4 months ago by otherdaniel
  9

• extend() static and instance method for Sanitizer

  #229 opened 4 months ago by annevk
  7

• Renaming methods to prefix them with `add` make it clear there is a modification of the instance

  #238 opened 4 months ago by mozfreddyb
  11

• Bug in assert_node_equals hides test failures

  #202 opened 4 months ago by evilpie
  12

• Compatibility with new `setHTMLUnsafe` and `parseHTMLUnsafe` methods/Declarative Shadow Roots

  #236 opened 4 months ago by shgysk8zer0
  1

• Chainable modifiers?

  #242 opened 4 months ago by otherdaniel
  1

• Broken references in HTML Sanitizer API

  #232 opened 9 months ago by dontcallmedom-bot
  0

• mXSS section outdated

  #213 opened 10 months ago by lukewarlow
  0

• Broken image in explainer.md

  #230 opened 10 months ago by 22jcampb
  1

• faq.md is outdated

  #221 opened a year ago by lukewarlow
  2

• Typos

  #220 opened a year ago by lukewarlow
  3

• Configuration edge cases

  #198 opened a year ago by otherdaniel
  3

• Current State of `config`/`options` for proposed API

  #215 opened a year ago by shgysk8zer0
  3

• Remove __TO_BE_MERGED variants

  #216 opened a year ago by foolip
  6

• Trusted types API interaction

  #204 opened a year ago by lukewarlow
  7

• Overloading methods in a separate partial definition is invalid

  #209 opened a year ago by tidoust
  3

• Links to Sanitizer API Defaults are broken

  #205 opened a year ago by mbrodesser-Igalia
  1

• Broken references in HTML Sanitizer API

  #186 opened a year ago by dontcallmedom-bot
  0

• Clarify threat model, "XSS first and foremost"

  #188 opened a year ago by otherdaniel
  20

• 2023-09-20 meeting notes

  #199 opened a year ago by evilpie
  2

• Naming: flattenElements

  #200 opened a year ago by annevk
  17

• Unpublish current spec?

  #207 opened a year ago by lukewarlow
  4

• Ability to configure whether script elements should execute

  #195 opened a year ago by zcorpan
  5

• Custom data attributes (dataset / data-*) support

  #191 opened a year ago by Janghou
  2

• Should the sanitizer normalize

  #203 opened a year ago by annevk
  6

• 2023-05-03 meeting notes

  #192 opened a year ago by annevk
  3

• Streaming support

  #190 opened a year ago by zcorpan
  1

• allowing unsafe markup

  #185 opened a year ago by mozfreddyb
  29