diff --git a/packages/next/client/page-loader.js b/packages/next/client/page-loader.js index aef09e8b3cb19..165123d3851a0 100644 --- a/packages/next/client/page-loader.js +++ b/packages/next/client/page-loader.js @@ -5,6 +5,19 @@ import { getRouteMatcher } from './../next-server/lib/router/utils/route-matcher import { getRouteRegex } from './../next-server/lib/router/utils/route-regex' import { delBasePath } from './../next-server/lib/router/router' +let trustedTypesPolicy = undefined +if (window?.trustedTypes?.createPolicy) { + trustedTypesPolicy = window.trustedTypes.createPolicy('next-trusted-types', { + // Needs security review regarding DOM XSS + createHTML(dirty) { + return dirty.replace(/ { const error = new Error(`Error loading script ${url}`) error.code = 'PAGE_LOAD_ERROR'