Add Trusted Types support #62618
Replies: 5 comments
-
|
The pull request above is to add a tool called tsec to the linting process to check for Trusted Types violations. Going forward, I plan to create more pull requests to fix all of the violations detected by tsec. Also, tsec is not guaranteed to catch all violations, so I plan to find and fix violations that occur when running Next.js applications locally or from running unit/integration tests. After all of these violations are fixed, then application developers can choose to enforce Trusted Types without being blocked by the framework. |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
Moving this to |
Beta Was this translation helpful? Give feedback.
-
|
Afaik React already supports Trusted Types: https://github.com/facebook/react/pull/16157/files |
Beta Was this translation helpful? Give feedback.
-
|
Hmm, so does Next? |
Beta Was this translation helpful? Give feedback.
-
Describe the feature you'd like to request
Backstory and initial implementation can be found here: #13509
Describe the solution you'd like
As mentioned in #13509 Trusted Types helps prevent XSS attack, we're planning to add support for it in Next.js natively so that there is a default configuration.
Someone from the Chrome team is going to start working on adding Trusted Types to Next.js early January.
Beta Was this translation helpful? Give feedback.
All reactions