Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates tsec and rewrites sinks assignement #112069

Merged
merged 2 commits into from
Dec 9, 2020
Merged

Updates tsec and rewrites sinks assignement #112069

merged 2 commits into from
Dec 9, 2020

Conversation

engelsdamien
Copy link
Contributor

The latest tsec commit fixes a bug where tsec was no building properly postinstall, this PR updates tsec to the latest commit and pins it to that commit in package.json.

This PR also rewrites policy usages to all be of the same shape (i.e. policy?.createHTML(html) ?? html) and moves all the casts to the sinks assignment expressions directly as this is the only way tsec can recognize them.

This PR fixes #111289
Related issues are #108400 #103699 & google/tsec#18

@engelsdamien
Updates tsec
2c93772 
This fixes the bug where tsec was not running a postinstall build, which
caused it to keep running an old version.

This new version comes with new violations and Trusted Types awareness.

Also pins tsec to the latest commit so that the version fetched is
always the same.
@engelsdamien
Rewrites Trusted Types sink assignements
5865aea 
Moves the casts to the sink assignement expression so that tsec can
recognize it.
@ghost
Copy link

ghost commented Dec 8, 2020
edited by ghost
Loading

CLA assistant check
All CLA requirements met.

@engelsdamien
Copy link
Contributor Author

@koto & @uraj for visibility

@mjbvz mjbvz assigned jrieken and unassigned mjbvz Dec 8, 2020
@jrieken
Copy link
Member

jrieken commented Dec 9, 2020

Thanks @engelsdamien!

@jrieken jrieken merged commit a0cbecb into microsoft:master Dec 9, 2020
@jrieken jrieken added this to the December/January 2021 milestone Dec 9, 2020
@github-actions github-actions bot locked and limited conversation to collaborators Jan 24, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@jrieken jrieken

Labels
None yet
Projects
None yet
Milestone
January 2021
Development

Successfully merging this pull request may close these issues.

tsec is not version locked
3 participants
@engelsdamien @jrieken @mjbvz