fix(docs-infra): fix Trusted Types violation in Analytics snippet (#4…

…3406) The Google Analytics snippet loads its runtime by dynamically creating a script element and assigning a URL to its src attribute. This causes a Trusted Types violation. To fix this, create an inline Trusted Types policy called 'aio#analytics' to bless the script URL, which is a trusted constant. PR Close #43406
angular · Sep 10, 2021 · 93bb2dd · 93bb2dd
1 parent b4a551c
commit 93bb2dd
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/aio/src/index.html b/aio/src/index.html
@@ -51,6 +51,12 @@
     // Note this is a customised version of the GA tracking snippet
     // See the comments below for more info
     (function (i, s, o, g, r, a, m) {
+      if (i.trustedTypes) {
+        // Specify path as a TrustedScriptURL when Trusted Types are available
+        g = i.trustedTypes.createPolicy('aio#analytics', {
+          createScriptURL: function (s) { return s; }
+        }).createScriptURL(g);
+      }
       i['GoogleAnalyticsObject'] = r; i[r] = i[r] || function () {
         (i[r].q = i[r].q || []).push(arguments)
       }, i[r].l = 1 * new Date(); a = s.createElement(o),