@@ -1067,20 +1067,6 @@ Given a {{TrustedType}} type (|expectedType|), a [=realm/global object=] (|globa
1. Return a new instance of an interface with a type
name |trustedTypeName|, with its associated data value set to |dataString|.
-## Prepare the script text ## {#prepare-script-text}
-
-Given an {{HTMLScriptElement}} (|script|), this algorithm performs the following steps:
-
-1. If |script|'s [=script text=] value is not equal to its [=child text content=],
- set |script|'s [=script text=] to the result of executing [$Get Trusted Type compliant string$], with the following arguments:
- * {{TrustedScriptURL}} as |expectedType|,
- * |script|'s {{Document}}'s [=relevant global object=] as |global|,
- * |script|'s [=child text content=] attribute value,
- * `HTMLScriptElement text` as |sink|,
- * `'script'` as |sinkGroup|.
-
- If the algorithm threw an error, rethrow the error.
-
## Get Trusted Types-compliant attribute value ## {#validate-attribute-mutation}
To get Trusted Types-compliant attribute value on {{Attr}} |attribute| with {{Element}} |element| and {{TrustedType}} or a string |newValue|, perform the following steps:
@@ -1171,12 +1157,17 @@ partial interface HTMLScriptElement {
#### Slots with trusted values #### {#slots-with-trusted-values}
-This document modifies {{HTMLScriptElement}}s. Each script has:
+An {{HTMLScriptElement}} and {{SVGScriptElement}} have:
+
+: an associated boolean is trusted.
+:: A boolean indicating whether a script element is considered trustworthy for execution.
+ Initially true.
+
+Note: This boolean is initially true so that parsed scripts are trusted.
-: an associated string script text.
-:: A string, containing the body of the script to execute that was set
- through a compliant sink. Equivalent to script's
- [=child text content=]. Initially an empty string.
+: an associated boolean changed by trusted sink.
+:: A boolean indicating whether a script element has been modified by a trusted sink.
+ Initially false.
#### The {{HTMLScriptElement/innerText}} IDL attribute #### {#the-innerText-idl-attribute}
@@ -1185,7 +1176,7 @@ The {{HTMLScriptElement/innerText}} setter steps are:
1. Let |value| be the result of calling [$Get Trusted Type compliant string$] with
{{TrustedScript}}, [=this=]'s [=relevant global object=], the given value, `HTMLScriptElement innerText`, and
`script`.
-1. Set [=this=]'s [=script text=] value to |value|.
+1. Set [=this=]'s [=HTMLScriptElement/changed by trusted sink=] to true.
1. Run [=set the inner text steps=] with [=this=] and |value|.
The {{HTMLScriptElement/innerText}} getter steps are:
@@ -1200,7 +1191,7 @@ empty string instead, and then do as described below:
1. Let |value| be the result of calling [$Get Trusted Type compliant string$] with
{{TrustedScript}}, [=this=]'s [=relevant global object=], the given value, `HTMLScriptElement textContent`, and
`script`.
-1. Set [=this=]'s [=script text=] value to |value|.
+1. Set [=this=]'s [=HTMLScriptElement/changed by trusted sink=] to true.
1. Run [=set text content=] with [=this=] and |value|.
The {{HTMLScriptElement/textContent}} getter steps are:
@@ -1214,7 +1205,7 @@ Update the {{HTMLScriptElement/text}} setter steps algorithm as follows.
1. Let |value| be the result of calling [$Get Trusted Type compliant string$] with
{{TrustedScript}}, [=this=]'s [=relevant global object=], the given value, `HTMLScriptElement text`, and
`script`.
-1. Set [=this=]'s [=script text=] value to the given value.
+1. Set [=this=]'s [=HTMLScriptElement/changed by trusted sink=] to true.
1. [=String replace all=] with the given value within [=this=].
@@ -1227,29 +1218,27 @@ The {{HTMLScriptElement/src}} setter steps are:
`script`.
1. Set [=this=]'s [=src=] content attribute to |value|.
-#### Setting slot values from parser #### {#setting-slot-values-from-parser}
+#### Script children changed steps #### {#script-children-changed-steps}
-This document modifies the HTML parser to set the [=script text=] value when the script is created.
+This document modifies the [=children changed steps=] for {{HTMLScriptElement}} as follows:
-Modify the [=The text insertion mode=] algorithm as follows:
+1. Set [=this=]'s [=HTMLScriptElement/is trusted=] to false.
-...
+1. If [=this=]'s [=HTMLScriptElement/changed by trusted sink=] is true, set [=this=]'s [=HTMLScriptElement/is trusted=] to true. -Set script's [=script text=] value to its [=child text content=].
+1. Set [=this=]'s [=HTMLScriptElement/changed by trusted sink=] to false. -If the active speculative HTML parser is null, then prepare the script - element script. This might cause some script to execute, which might cause - new characters to be inserted into the tokenizer, and - might cause the tokenizer to output more tokens, resulting in a [=reentrant invocation of the parser=].
+1. Run the {{HTMLScriptElement|script}} [=HTML element post-connection steps=], given [=this=]. -...
-This is done so that if a parser-inserted script element fails to
run when the parser tries to run it, but it is later executed after a script dynamically
updates it, it will execute in an async fashion even if the async attribute isn't set.
Execute the [$Prepare the script text$] algorithm on el. If that algorithm threw an error, then return.
Let source text be el's child text content. [=script text=] value.
+
+
Let source text be el's child text content. + +
If el's [=HTMLScriptElement/is trusted=] is false: +
Set source text to the result of executing [$Get Trusted Type compliant string$], with + {{TrustedScript}}, el's [=relevant global object=], source text, `'HTMLScriptElement text'`, + and `'script'`. +
If that algorithm threw an error, then return. +