Required resources blocked by Trusted-Types CSP #1334
Comments
Same here! @svArtist if you want a quick fix, this line of code fixed the problem for me:
based on the down-voted answer in: https://stackoverflow.com/questions/61964265/getting-error-this-document-requires-trustedhtml-assignment-in-chrome |
Hi!
Let's hope the masterminds in the TM community can find robust ways of smoothing out the |
For anyone looking for a bandaid-fix in the meantime: I wrote a TT helper. It does its best to enable reckless DOM modification again, and IF
Things should be like before the dreaded TT restrictions. If we can't set a default policy, we're out of luck for this issue of dependencies breaking TM, but for general DOM manipulation from within scripts that do work, we can try to set a custom policy, it'll be assigned to the variable
(Because it seems that Chrome stable at the moment doesn't even allow appending like |
Should be fixed at 4.14.6144 (in review|crx) |
I believe it unfolds to:
someDomElement.innerHTML = someDomElement.innerHTML + actuallyTrustedHTML;
// or, to be more detailed
someDomElement.innerHTML = someDomElement.innerHTML.concat(actuallyTrustedHTML.toString());
// that obviously returns a regular "untrusted" string |
Oh, thank you for the insight. |
Also, you shouldn't use someDomElement.insertAdjacentHTML("beforeend", mycode); |
Oh yes!! Thank you for reminding me! |
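An added example, not code from this thread or from Tampermonkey: a userscript-side appender that keeps its Trusted Types policy private, escapes every interpolated value, and hands the TrustedHTML object straight to `insertAdjacentHTML` instead of concatenating it with `+=`. The policy name `userscript-html` and the names `createAppender`, `escapeHtml` and `survivesConcat` are assumptions made for illustration.

```javascript
// Assumed policy name; a page's `trusted-types` CSP directive may not allow it.
const POLICY_NAME = "userscript-html";

// Escape a value so it is inserted as text, never as markup.
const escapeHtml = (v) => String(v).replace(/[&<>"']/g,
  (c) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));

// Returns an appender bound to a private policy. `tt` defaults to the browser's
// factory; it is a parameter so the logic can be exercised outside a browser.
function createAppender(tt = globalThis.trustedTypes) {
  let policy = null;
  if (tt && typeof tt.createPolicy === "function") {
    try {
      // Pass-through is tolerable only because the policy never leaves this
      // closure and its sole input is built by the tagged template below.
      policy = tt.createPolicy(POLICY_NAME, { createHTML: (s) => s });
    } catch (err) {
      policy = null; // name not allowed by the page's CSP, or a disallowed duplicate
    }
  }
  // Usage: append(el)`<li>${untrustedText}</li>`
  return function append(el) {
    return (strings, ...values) => {
      // Literal parts are script-authored; interpolated values are escaped.
      const markup = strings.reduce((out, s, i) => out + escapeHtml(values[i - 1]) + s);
      const value = policy ? policy.createHTML(markup) : markup;
      // The sink receives the TrustedHTML object itself. `el.innerHTML += value`
      // would stringify it first, and enforcement would reject the result.
      el.insertAdjacentHTML("beforeend", value);
      return value;
    };
  };
}

// String concatenation stringifies a TrustedHTML, so isHTML() no longer accepts it.
function survivesConcat(tt, trusted) {
  return tt.isHTML("" + trusted);
}
```

If the policy cannot be created on a page that enforces `require-trusted-types-for 'script'`, the `insertAdjacentHTML` call throws a TypeError, which is the failure this issue reports.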
To elaborate on @dev4min, the additions below allow you to do things like
|
(Please fill out the issue template with your details)
Expected Behavior
TM manages to inject required resources
Actual Behavior
On websites using a strict Content-Security-Policy: require-trusted-types-for 'script'; / trusted-types, injection fails with the unhandled errors: (Full log attached)
Test the behavior here: https://benjamin-philipp.com/test-trusted-types.php?defaultPolicy=true
Specifications
Script
(Please give an example of the script if applicable.)
benjamin-philipp.com-1632523189216.log