Comply with Trusted Types #2846
@tosmolka, have you checked if your solution actually picks up things like
@shhnjk, from my tests it works well with I don't think it works with
@niklasvh could you take a look? Thanks!
This reverts commit 95ea260.
…ooks fine on local This reverts commit 95ea260.
Summary
html2canvas has a Trusted Types violation due to use of the document.write API, which is considered a dangerous sink for XSS. This change fixes that and makes html2canvas compatible with Trusted Types.
Fixes: #2858
Test plan (required)
Existing test should be sufficient as there is no change in the functionality. There should be a test to check for Trusted Types violations, but existing test.js has multiple Trusted Types violations, so I wasn't able to use that infra.
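A check of the kind the test plan asks for, as an added example that is not part of this PR or of html2canvas: it filters securitypolicyviolation events down to Trusted Types sink violations so a test can assert that the list is empty after the library runs. It assumes the page under test is served with a report-only require-trusted-types-for 'script' policy; the function names and the sample events are constructed for illustration.

```javascript
// Added example: collect Trusted Types sink violations for a regression test.
// Assumed header on the page under test:
//   Content-Security-Policy-Report-Only: require-trusted-types-for 'script'

// Map one securitypolicyviolation event to a finding, or return null when
// the event is not a Trusted Types sink violation (e.g. an img-src block).
function toTrustedTypesFinding(ev) {
  const directive = ev.effectiveDirective || ev.violatedDirective || '';
  if (!directive.startsWith('require-trusted-types-for')) return null;
  // For these violations `sample` has the form "<sink name>|<start of value>".
  const sample = ev.sample || '';
  const bar = sample.indexOf('|');
  return {
    sink: bar === -1 ? sample : sample.slice(0, bar),
    value: bar === -1 ? '' : sample.slice(bar + 1),
    source: `${ev.sourceFile || 'unknown'}:${ev.lineNumber || 0}`,
    enforced: ev.disposition === 'enforce', // false under report-only
  };
}

// Batch form: useful when events were gathered elsewhere (e.g. a report log).
function collectFindings(events) {
  return events.map(toTrustedTypesFinding).filter(Boolean);
}

// Live form: in a browser pass `document`; returns an array that fills up
// as violations fire, so the test can assert on it once rendering is done.
function watchTrustedTypes(target) {
  const findings = [];
  target.addEventListener('securitypolicyviolation', (ev) => {
    const finding = toTrustedTypesFinding(ev);
    if (finding) findings.push(finding);
  });
  return findings;
}

// Constructed sample events (not captured from html2canvas).
const SAMPLE_EVENTS = [
  { effectiveDirective: 'require-trusted-types-for', disposition: 'report',
    sample: 'Document write|<!DOCTYPE html><html>',
    sourceFile: 'https://app.example/lib.js', lineNumber: 120 },
  { effectiveDirective: 'img-src', disposition: 'enforce',
    blockedURI: 'https://cdn.example/a.png', sample: '' },
  { effectiveDirective: 'require-trusted-types-for', disposition: 'enforce',
    sample: 'Element innerHTML|<b>hi</b>',
    sourceFile: 'https://app.example/test.js', lineNumber: 7 },
];
```

Grouping the findings by source separates violations raised by the library from those raised by the test harness itself, which is the obstacle the test plan describes.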