Skip to content

Add a target suitable for nodejs. #190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
koto opened this issue Jul 11, 2019 · 5 comments
Closed

Add a target suitable for nodejs. #190

koto opened this issue Jul 11, 2019 · 5 comments
Assignees
@jerryzz0
Labels
polyfill

Comments

@koto
Copy link
Member

koto commented Jul 11, 2019

That probably means publishing an npm package that

  • implements the TT API only (equivalent of api_only.js entry point) (TrustedTypes.createPolicy etc.).
  • enforces restrictions (i.e. hook to prototype methods) on a given document-like and window-like objects - and a enforcement configuration (currently this is implemented as a CSP string).

These can be separate modules, but should all be packaged in one package, such that one can (I'm making up the API shape completely here):

import {TrustedTypes} from 'trusted-types/api.js';
import {enforceOn} from 'trusted-types/enforcement.js'; 
enforceOn(document, window, 'default': TrustedTypes.createPolicy('default', ...), violationCallback);

For the time being, this should probably be packaged as CommonJS modules, as ES modules are still experimental in Node 12, but we should explore how to migrate to ES modules eventually. It sounds like we might be able to package both variants together : https://nodejs.org/api/esm.html#esm_package_entry_points.
@koto koto added the polyfill label Jul 11, 2019
@koto
Copy link
Member Author

koto commented Jul 11, 2019

@engelsdamien you probably would depend on the polyfill package?

@koto
Copy link
Member Author

koto commented Jul 11, 2019

The current node package (api_only as commonjs) unfortunately breaks:

$ node
> require('.')
ReferenceError: HTMLIFrameElement is not defined
    at trustedTypesBuilderTestOnly (/usr/local/google/home/koto/dev/trusted-types/dist/cjs/trustedtypes.api_only.js:357:21)
    at Object.<anonymous> (/usr/local/google/home/koto/dev/trusted-types/dist/cjs/trustedtypes.api_only.js:684:5)
    at Module._compile (internal/modules/cjs/loader.js:701:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:712:10)
    at Module.load (internal/modules/cjs/loader.js:600:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:539:12)
    at Function.Module._load (internal/modules/cjs/loader.js:531:3)
    at Module.require (internal/modules/cjs/loader.js:637:17)
    at require (internal/modules/cjs/helpers.js:22:18)

as we're now expecting a browser environment in trustedtypes.js, to test for browser behavior.

@koto
Copy link
Member Author

koto commented Jul 12, 2019

https://www.npmjs.com/package/element-closest has something close to what we need. https://github.com/airbnb/browser-shims has a short list of polyfills we might take a look at for comparison.

@mikesamuel
Copy link
Collaborator

Is the idea that we provide an API that, given a TrustedTypesPolicyConfiguration and an HTMLDocument, returns a TrustedTypesPolicyFactory?

koto pushed a commit that referenced this issue Sep 12, 2019
@Siegrift @koto
Build polyfill for multiple environments (#210)
b6d51c3 
Partially addresses #190.
@koto
Copy link
Member Author

koto commented Mar 2, 2020

Sorry for the late response. Yes :)

@Siegrift Siegrift mentioned this issue Oct 28, 2020
Merged
@koto koto closed this as completed in 07ca56e Nov 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jerryzz0 jerryzz0

Labels
polyfill
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@koto @mikesamuel @jerryzz0