You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RequireJS should support Trusted Types API so that it can be seamlessly integrated into applications that enforce Trusted Types for all DOM XSS Injection Sinks (e.g. assignments to HTMLScriptElement.src attribute) via CSP directive require-trusted-types-for. Trusted Types APIs are now fully supported in browsers with Blink engine (Chrome, Edge and others).
To support Trusted Types we should identify all instances where RequireJS calls such methods and propose re-factoring. We need to be careful to keep supporting browsers without Trusted Types support. This is usually done by testing whether window.trustedTypes is defined and fall-back to current behavior if it's not.
Trusted Types support
RequireJS should support Trusted Types API so that it can be seamlessly integrated into applications that enforce Trusted Types for all DOM XSS Injection Sinks (e.g. assignments to HTMLScriptElement.src attribute) via CSP directive require-trusted-types-for. Trusted Types APIs are now fully supported in browsers with Blink engine (Chrome, Edge and others).
To support Trusted Types we should identify all instances where RequireJS calls such methods and propose re-factoring. We need to be careful to keep supporting browsers without Trusted Types support. This is usually done by testing whether window.trustedTypes is defined and fall-back to current behavior if it's not.
We know so far about these locations:
requirejs/require.js
Line 1945 in 898ff9e
requirejs/require.js
Line 1979 in 898ff9e
requirejs/require.js
Line 2140 in 898ff9e
References
The text was updated successfully, but these errors were encountered: