275352 2024-06-11 04:39:42 -0700 Remove Trusted Types enforcement from toggleAttribute 2024-06-12 09:58:22 -0700 1 1 1 Unclassified WebKit DOM Safari 17 Unspecified Unspecified RESOLVED FIXED https://github.com/web-platform-tests/wpt/pull/46691 InRadar P2 Normal --- 266630 1 lwarlow lwarlow webkit-bug-importer oldest_to_newest 2040772 0 lwarlow 2024-06-11 04:39:42 -0700 Based on discussions with the chromium folks it turns out the enforcement inside of toggleAttribute was an accidental implementation bug rather than intentional (the integration with DOM was underspecified so the spec originally worked off of the chrome implementation). Based on this and the fact that toggling an attribute isn't an XSS vulnerability, the spec PR https://github.com/whatwg/dom/pull/1268 has been updated to not include this enforcement. This bug tracks removing it from WebKit. 2040790 1 lwarlow 2024-06-11 05:59:09 -0700 Pull request: https://github.com/WebKit/WebKit/pull/29712 2040998 2 ews-feeder 2024-06-12 09:56:22 -0700 Committed 279950@main (1ae029b5a34e): <https://commits.webkit.org/279950@main> Reviewed commits have been landed. Closing PR #29712 and removing active labels. 2040999 3 webkit-bug-importer 2024-06-12 09:58:22 -0700 <rdar://problem/129689673>