Integration with trusted types inside of node conversion

[lukewarlow]

Fixes w3c/trusted-types#438

• At least two implementers are interested (and none opposed):
  • Chromium (already implemented)
  • Gecko
• Tests are written and can be reviewed and commented upon at:
  • https://wpt.fyi/trusted-types already includes a number of tests for these changes.
• Implementation bugs are filed:
  • Chromium: Shipped
  • Gecko: https://bugzilla.mozilla.org/show_bug.cgi?id=1508286
  • WebKit: https://bugs.webkit.org/show_bug.cgi?id=270435
• MDN issue is filed: N/A
• The top of this comment includes a clear commit message to use.

(See WHATWG Working Mode: Changes for more details.)

---

Preview | Diff

[lukewarlow]

Bolt on to #1247

[mbrodesser-Igalia]

@lukewarlow you mentioned somewhere you'd appreciate a review in order to simplify the change. Since it's not primarily about correctness, how helpful would an imminent review be?

[lukewarlow]

@mbrodesser-Igalia that was for an editorial PR to trusted types (which has been merged) rather than this one, so nothing urgent here.

[annevk]

This looks complicated. Any reason we cannot convert to Text nodes first and then potentially throw for Text nodes if they pose some kind of danger in combination with a script element?

[lukewarlow]

This looks complicated. Any reason we cannot convert to Text nodes first and then potentially throw for Text nodes if they pose some kind of danger in combination with a script element?

Ah yeah that's a good idea, can process text nodes and raw strings at the same time them and then can just handle the trusted script after the other processing (because it needs to hold onto the fact it's safe). I knew there was probably a nicer way.

[lukewarlow]

@annevk is there anything left that's needed for this PR? Wanna make sure I'm not holding anything up.

[lukewarlow]

LGTM @annevk thanks for your help getting this across the line.

[fred-wang]

For the record, this was reverted in 809bfa2