Jun

What is FPWD? 😋

@annevk where is the best place to understand and discuss the Mozilla's objection details? [Standard Position thread](https://github.com/mozilla/standards-positions/issues/20) is closed and [your last comment](https://github.com/mozilla/standards-positions/issues/20#issuecomment-555016682) was `somewhere between worth prototyping and non-harmful`.

> Also, @mikewest and @koto, any chance of bringing people from the other orgs who have been using TT into the WG to directly discuss their experience? I'm happy to...

> However, a specific Sanitizer config will be able to do so. (See also the [section on Script gadgets in the spec](https://wicg.github.io/sanitizer-api/#script-gadgets)). While I love Sanitizer API, I just want...

I didn't get the benefit of having TT enforcement on these attributes. If anything from custom attribute would end up in _innerHTML_, then TT check would happen at that point,...

The actual root cause of XSS is due to `disable-output-escaping` attribute set to `yes`, which will disable HTML escaping. The only easy way to mitigate this bug seems to be...

> I think extensions still support NaCL modules? Extensions are not an issue. Content scripts can bypass the Trusted Types anyways. > given that `` and `` can certainly still...

Okay, fair :) TT isn't supported in Extensions yet, and I'm waiting for it :)

> Why isn't TT supported in extensions? That sounds strange. There is at least an additional sink available in extension pages (i.e. `chrome.tabs.executeScript`) which needs to be guarded by TT...

See [this](https://source.chromium.org/chromium/chromium/src/+/master:components/about_ui/resources/about_credits.js;l=22;drc=6e82ffa4ab779589119ba9cf5d8a5fe6720b2deb) for example.