Sanitizer API

Security

Adds features for sanitizing user input, either as an addition to or a replacement for sanitization that may already have been implemented.

Motivation

User input sanitization is a necessary and common activity of many web applications, but it's difficult to get right. As a component of the web platform it's easier to harden the sanitizer implementation and keep it up-to-date. Offering a high-quality sanitizer with good defaults (without blocking developers from using their own, if they choose) would improve security, and make it more accessible.

Specification

Editor's draft

Status in Chromium

Blink components: Blink>SecurityFeature

No active development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: No signal
Edge: No signal
Safari: No signal
Web Developers: No signals

Owners

vogelheim@chromium.org
mkwst@chromium.org
lyf@chromium.org

Last updated on 2020-10-02