-
Notifications
You must be signed in to change notification settings - Fork 541
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add (typeof window === 'undefined') check for trustedType #7910
Conversation
@@ -190,7 +190,7 @@ export function truncateText(element: HTMLElement, maxHeight: number, lineHeight | |||
* TextBlock.truncateIfSupported}), but had a bug where it might actually pass through an element | |||
* for which innerHTML yielded actual HTML (since fixed). | |||
*/ | |||
const ttDeprecatedPolicy = window.trustedTypes?.createPolicy("adaptivecards#deprecatedExportedFunctionPolicy", { | |||
const ttDeprecatedPolicy = (typeof window === 'undefined') ? undefined : window.trustedTypes?.createPolicy("adaptivecards#deprecatedExportedFunctionPolicy", { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@licanhua , would it be possible to create deprecatedExportedFunctionPolicy
before first use? Say host never uses truncate
method. Now it still needs to allow it in trusted-types directive so that call .createPolicy()
does not fail.
I would prefer if policies were only created when they are needed and used. The same should be also true for other TT policies, I did not check those.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what's your concern, performance? I think the impact is ignorable.
If you are worried about that "window is undefined" when you import Adaptivecards, then a window object is added. I don't think it's a real use case.
I prefer to keep it simple at the beginning. otherwise, a new function should be added, and
I need to have ttDeprecatedPolicy to be undefined | null, then undefined means not initialized, and null means trusted-types are not supported.
let ttDeprecatedPolicy = undefined | null | PolicyType
function GetPolicy()
{
if (ttDeprecatedPolicy === undefined) {
ttDeprecatedPolicy = null;
if (typeof window == ....
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@licanhua , my concern is that users of AC SDK now need to change trusted-types
directive in their CSPs and allow adaptivecards#deprecatedExportedFunctionPolicy
even when they are not using it. This goes against best practices to allow only policies that are needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
approved, but please do consider my one comment :)
* fix * bump up version * fix error on utils * make test to use node enviroment other than jsdom (cherry picked from commit dc9a6b4)
…7910) (microsoft#7912) * fix * bump up version * fix error on utils * make test to use node enviroment other than jsdom (cherry picked from commit dc9a6b4)
Fix #7904
npx lerna version --force-publish --no-push --no-git-tag-version
to make min version changeMicrosoft Reviewers: Open in CodeFlow