Update standards position on Trusted Types - fixes #20 (#936)

* Update standards position on Trusted Types - fixes #20 * Update activities.json Co-authored-by: Martin Thomson <[email protected]> --------- Co-authored-by: Frederik Braun <[email protected]> Co-authored-by: Martin Thomson <[email protected]>
mozilla · Dec 13, 2023 · 05e0206 · 05e0206
1 parent 742589f
commit 05e0206
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/activities.json b/activities.json
@@ -1573,8 +1573,8 @@
     "description": "An API that allows applications to lock down powerful APIs to only accept non-spoofable, typed values in place of strings to prevent vulnerabilities caused by using these APIs with attacker-controlled inputs.",
     "id": "trusted-types",
     "mozBugUrl": null,
-    "mozPosition": "neutral",
-    "mozPositionDetail": "The API could be used to harden sites against certain cross-site scripting issues, but it is sufficiently complex that we are concerned that it will not be suitable for many sites.",
+    "mozPosition": "positive",
+    "mozPositionDetail": "Mozilla believes that preventing DOM-based XSS is an important security goal. The track record of preventing DOM-based XSS is convincing. Dealing with inscrutable third-party dependencies or external JavaScript has been a major concern of security and enforcing reasonable boundaries is a promising approach. We have some reservations about some features in the Chromium implementation, which need to be validated and standardized or removed.",
     "mozPositionIssue": 20,
     "org": "W3C",
     "title": "Trusted Types",