Add patchUnsafe() methods

foolip · foolip · commit 0793d4912d46 · 2025-09-05T17:45:06.000+02:00
Depends on w3c/trusted-types#597 for Trusted Types integration.
diff --git a/source b/source
@@ -116904,7 +116904,7 @@ document.body.appendChild(frame)</code></pre>
 
   <h3 id="dom-parsing-and-serialization">DOM parsing and serialization APIs</h3>
 
-  <pre><code class="idl">partial interface <span id="Element-partial">Element</span> {
+  <pre><code class="idl">partial interface <span>Element</span> {
   [<span>CEReactions</span>] undefined <span data-x="dom-Element-setHTMLUnsafe">setHTMLUnsafe</span>((<code data-x="tt-trustedhtml">TrustedHTML</code> or DOMString) html);
   DOMString <span data-x="dom-Element-getHTML">getHTML</span>(optional <span>GetHTMLOptions</span> options = {});
 
@@ -116913,7 +116913,7 @@ document.body.appendChild(frame)</code></pre>
   [<span>CEReactions</span>] undefined <span data-x="dom-Element-insertAdjacentHTML">insertAdjacentHTML</span>(DOMString position, (<code data-x="tt-trustedhtml">TrustedHTML</code> or DOMString) string);
 };
 
-partial interface <span id="ShadowRoot-partial">ShadowRoot</span> {
+partial interface <span>ShadowRoot</span> {
   [<span>CEReactions</span>] undefined <span data-x="dom-ShadowRoot-setHTMLUnsafe">setHTMLUnsafe</span>((<code data-x="tt-trustedhtml">TrustedHTML</code> or DOMString) html);
   DOMString <span data-x="dom-ShadowRoot-getHTML">getHTML</span>(optional <span>GetHTMLOptions</span> options = {});
 
@@ -117741,6 +117741,84 @@ interface <dfn interface>XMLSerializer</dfn> {
 
   </div>
 
+  <h3 split-filename="patching" id="patching">Patching</h3>
+
+  <p>TODO: introduction, what's all this?</p>
+
+  <pre><code class="idl">partial interface <span>Element</span> {
+  WritableStream <span data-x="dom-Element-patchUnsafe">patchUnsafe</span>(optional PatchUnsafeOptions options = {});
+};
+
+partial interface <span>ShadowRoot</span> {
+  WritableStream <span data-x="dom-ShadowRoot-patchUnsafe">patchUnsafe</span>(optional PatchUnsafeOptions options = {});
+};
+
+dictionary WindowPostMessageOptions</dfn> : <span>StructuredSerializeOptions</span> {
+  USVString targetOrigin</dfn> = "/";
+};
+dictionary <dfn dictionary>PatchUnsafeOptions</dfn> {
+  TrustedTransformStream <dfn dict-member for="PatchUnsafeOptions" >trustedTransformStream</dfn>;
+};</code></pre>
+
+  <div w-nodev>
+
+  <p><code>Element</code>'s <dfn method for="Element"><code
+  data-x="dom-Element-patchUnsafe">patchUnsafe(<var>options</var>)</code></dfn> method steps
+  are:</p>
+
+  <ol>
+   <li><p>Let <var>writable</var> be a new WritableStream.</p></li>
+
+   <li>
+    <p>If <var>options</var>["<code data-x="dom-PatchUnsafeOptions-trustedTransformStream">trustedTransformStream</code>"] <span data-x="map exists">exists</span>:</p>
+
+    <ol>
+     <li><p>Set <var>writable</var> to the result of piping <var>writable</var> through <var>options</var>["trustedTransformStream"].</p></li>
+    </ol>
+   </li>
+
+   <li>
+    <p>Otherwise:</p>
+
+    <ol>
+     <li><p>If there's a default TT policy, use that and wrap <var>writable</var> 👋</p></li>
+    </ol>
+   </li>
+
+   <li><p>Create a new parser and do all the actual work 👋</p></li>
+
+   <li><p>Return <var>writable</var>.</p></li>
+  </ol>
+
+  <div class="example">
+   <p>Do a thing like this:</p>
+   <pre><code class="js">const policy = trustedTypes.createPolicy("my-policy", {
+  createTransformStream() {
+    return new TransformStream({
+      transform(chunk, controller) {
+        // TODO: some buffering
+        controller.enqueue(sanitize(chunk));
+      }
+    });
+  }
+});
+
+const trustedTransformStream = policy.createTransformStream(input);
+const writable = element.patchUnsafe({ trustedTransformStream });
+const response = await fetch('/fragments/something');
+response.body.pipeTo(writable);</code></pre>
+  </div>
+
+  <p><code>ShadowRoot</code>'s <dfn method for="ShadowRoot"><code
+  data-x="dom-ShadowRoot-patchUnsafe">patchUnsafe(<var>options</var>)</code></dfn> method steps
+  are:</p>
+
+  <ol>
+   <li>TODO</li>
+  </ol>
+
+  </div>
+
   <h3 split-filename="timers-and-user-prompts" id="timers">Timers</h3>
 
   <p>The <code data-x="dom-setTimeout">setTimeout()</code> and <code
