From c157d3094412093e0dfda572951fb21d91d2a833 Mon Sep 17 00:00:00 2001
From: Luke Warlow
Date: Tue, 24 Feb 2026 14:31:31 +0000
Subject: [PATCH] Add HTMLScriptElement IDL changes for Trusted Types This upstreams the changes to HTMLScriptElement's IDL that was previously patched by the trusted types specification. HTMLScriptElement now shadows innerText and textContent, so these can take a TrustedScript object. Its src and text properties are also updated to take TrustedScriptURL and TrustedScript respectively.
---
 source | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 109 insertions(+), 4 deletions(-)
diff --git a/source b/source
index c16dde7c133..2bc57314650 100644
--- a/source
+++ b/source
@@ -3415,6 +3415,8 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • valid attribute local name
  • valid element local name
  • is a global custom element registry
  • +
  • get text content
  • +
  • set text content
  • The following features are defined in UI Events: UIEVENTS

    @@ -4798,6 +4800,7 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • data
  • TrustedScriptURL
  • get trusted type compliant string
  • +
  • update script trustedness
  • @@ -66131,7 +66134,7 @@ interface HTMLScriptElement : HTMLElement {
 [HTMLConstructor] constructor();
 [CEReactions, Reflect] attribute DOMString type;
- [CEReactions, ReflectURL] attribute USVString src;
+ [CEReactions] attribute (TrustedScriptURL or USVString) src;
 [CEReactions, Reflect] attribute boolean noModule;
 [CEReactions] attribute boolean async;
 [CEReactions, Reflect] attribute boolean defer;
@@ -66141,7 +66144,9 @@ interface HTMLScriptElement : HTMLElement {
 [CEReactions, Reflect] attribute DOMString integrity;
 [CEReactions] attribute DOMString fetchPriority;
- [CEReactions] attribute DOMString text;
+ [CEReactions] attribute (TrustedScript or [LegacyNullToEmptyString] DOMString) innerText;
+ [CEReactions] attribute (TrustedScript or DOMString)? textContent;
+ [CEReactions] attribute (TrustedScript or DOMString) text;
 static boolean supports(DOMString type);
@@ -66516,8 +66521,108 @@ interface HTMLScriptElement : HTMLElement {
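Review bot: With `ReflectURL` dropped from `src` in the `@@ -66131` hunk, the attribute's behaviour rests entirely on the hand-written getter and setter steps added in the last hunk, and the getter's URL-parsing step there repeats a phrase: `Let urlString be the result of be the result of encoding-parsing-and-serializing a URL`. It should read `Let urlString be the result of encoding-parsing-and-serializing a URL given contentAttributeValue, relative to element's node document.` Because these steps now restate what the reflection rules used to supply, a short note on the `src` getter saying that it is intended to match URL reflection would help later readers keep the two in sync. The last hunk appears to run past the visible text, so the end of the setter steps could not be checked.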
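Review bot: `textContent` is declared nullable in the `@@ -66141` hunk, `(TrustedScript or DOMString)? textContent`, but the textContent setter steps added in the last hunk pass "the given value" straight to get trusted type compliant string with no visible handling of null. `innerText` gets its null conversion from `[LegacyNullToEmptyString]` in the IDL, whereas `textContent` has nothing equivalent on this page. A first setter step such as `If the given value is null, then set the given value to the empty string.` would make it explicit that null goes through the same TrustedScript check as any other string. If get trusted type compliant string or set text content already normalises null (neither definition is visible here), a cross-reference saying so would be enough.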
    -

    The text setter steps are to string replace - all with the given value within this.

    +

    The text setter steps are:

    + +
      +
    1. Let compliantScript be the result of invoking the get trusted type compliant string algorithm with TrustedScript, this's relevant global + object, the given value, "HTMLScriptElement text", and "script".

    2. + +
    3. Update script trustedness for + this with compliantScript.

    4. + +
    5. String replace all with compliantScript within + this.

    6. +
    +
    + +
    +

    The innerText getter steps are to return the result of + running get the text steps with this.

    +
    + +
    +

    The innerText setter steps are:

    + +
      +
    1. Let compliantScript be the result of invoking the get trusted type compliant string algorithm with TrustedScript, this's relevant global + object, the given value, "HTMLScriptElement innerText", and "script".

    2. + +
    3. Update script trustedness for + this with compliantScript.

    4. + +
    5. Run set the inner text steps with this and + compliantScript.

    6. +
    +
    + +
    +

    The textContent getter steps are to return the result of + running get text content with this.

    +
    + +
    +

    The textContent setter steps are:

    + +
      +
    1. Let compliantScript be the result of invoking the get trusted type compliant string algorithm with TrustedScript, this's relevant global + object, the given value, "HTMLScriptElement textContent", and + "script".

    2. + +
    3. Update script trustedness for + this with compliantScript.

    4. + +
    5. Run set text content with this and + compliantScript.

    6. +
    +
    + +
    +

    The src + getter steps are:

    + +
      +
    1. Let element be the result of running this's get the + element.

    2. + +
    3. Let contentAttributeValue be the result of running this's + get the content attribute.

    4. + +
    5. If contentAttributeValue is null, then return the empty string.

    6. + +
    7. Let urlString be the result of be the result of + encoding-parsing-and-serializing a URL given contentAttributeValue, + relative to element's node document.

    8. + +
    9. If urlString is not failure, then return urlString.

    10. + +
    11. Return contentAttributeValue, converted to a scalar + value string.

    12. +
    +
    + +
    +

    The src setter steps are:

    + +
      +
    1. Let compliantScriptURL be the result of invoking the get trusted type compliant string algorithm with TrustedScriptURL, this's relevant global + object, the given value, "HTMLScriptElement src", and "script".

    2. + +
    3. Set this's src content attribute to + compliantScriptURL.

    4. +