Trusted Types API violation fix #5561
rafaelhovhannisyan24 wants to merge 1 commit into ueberdosis:develop from
@nperez0111 I also had the same issue, and it seems @rafaelhovhannisyan24 (thank you) fixed it in this PR - #5561
nperez0111 left a comment:
This is not mergeable as is.
| if (window.trustedTypes) { | ||
| // @ts-ignore | ||
| // eslint-disable-next-line no-undef | ||
| policy = window.trustedTypes.createPolicy('tiptap', { |
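Review bot: the `createPolicy('tiptap', {` call inside `if (window.trustedTypes)` should run exactly once, from one shared module, and sit in a try/catch. `createPolicy` throws a TypeError when the page's CSP `trusted-types` directive does not allow the name, or when a policy with that name already exists and 'allow-duplicates' is not set, so if this block is copied into more than one file the second call can fail and take the editor down with it. With proper typings for `window.trustedTypes`, the `// @ts-ignore` and `// eslint-disable-next-line no-undef` lines can be dropped as well.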
This doesn't make sense on why it's being repeated
| } | ||
|
|
||
| styleNode.setAttribute(`data-tiptap-style${suffix ? `-${suffix}` : ''}`, '') | ||
| styleNode.innerHTML = style |
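Review bot: `styleNode.innerHTML = style` is an HTML sink, so under enforced Trusted Types it needs a TrustedHTML value. For a style element the CSS text can be assigned with `styleNode.textContent = style`, which is not a Trusted Types sink, so this call site would not need the policy at all; please confirm the injected stylesheet renders the same with that assignment.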
Is this actually equivalent?
| export function elementFromString(value: string): HTMLElement { | ||
| // add a wrapper to preserve leading and trailing whitespace | ||
| const wrappedValue = `<body>${value}</body>` | ||
| const wrappedValue = policy.createHTML(`<body>${value}</body>`) |
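Review bot: `policy.createHTML(...)` is called unconditionally in `elementFromString`, while `policy` is only assigned inside `if (window.trustedTypes)`; unless a fallback is assigned somewhere not shown here, this throws in browsers without Trusted Types. Guard the call, for example `policy ? policy.createHTML(html) : html`. Two further points: `value` is interpolated into the string before it reaches the policy, so the policy callback is the only place left to sanitize it, and `wrappedValue` is now a TrustedHTML object rather than a string, which every later use of it has to accept.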
Does prosemirror support this? Because I am not willing to use this if prosemirror does not even support this.
A link to the source would be enough to convince me. Probably in prosemirror view since that touches the DOM.
Closing this for now as the PR is stale - if you want to update it, feel free to reopen.
Fix for Trusted Types Issue with TipTap on YouTube
YouTube recently enforced a stricter Content Security Policy with Trusted Types, causing TipTap to stop working in our Chrome extension. The issue arose because Trusted Types restrict certain operations like innerHTML, which TipTap relies on.
Solution:
We implemented a custom Trusted Types policy that allows TipTap to function correctly within YouTube's security framework. This fix involves defining and applying a policy that permits the necessary unsafe operations while maintaining security.
https://web.dev/articles/trusted-types#fix_the_violations
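
An added example, not code from this PR or from Tiptap: one way to create the policy once per page, survive a rejected `createPolicy` call, and still work where Trusted Types is unavailable. The names `getHtmlPolicy`, `toSinkValue` and `scope`, and the caller-supplied `sanitize` function, are assumptions made for illustration.

```javascript
// Added example, not code from the PR. getHtmlPolicy, toSinkValue and the
// `scope` parameter are hypothetical names chosen for illustration.
const policies = new WeakMap() // one cached result per global scope

// Create the named policy at most once per scope. `sanitize` is the caller's
// HTML sanitizer (assumption: it returns a safe HTML string); the first
// sanitizer registered for a scope is the one the policy keeps using.
function getHtmlPolicy(sanitize, scope = globalThis, name = 'tiptap') {
  if (policies.has(scope)) return policies.get(scope)
  let policy = null
  const tt = scope.trustedTypes
  if (tt && typeof tt.createPolicy === 'function') {
    try {
      // The policy is the single choke point: every string that reaches an
      // HTML sink through it is sanitized here, not at each call site.
      policy = tt.createPolicy(name, { createHTML: input => sanitize(input) })
    } catch (err) {
      // createPolicy throws a TypeError when the page's CSP `trusted-types`
      // directive does not allow this name, or the name is already taken
      // and 'allow-duplicates' is not set. Remember the failure, don't retry.
      policy = null
    }
  }
  policies.set(scope, policy)
  return policy
}

// Value to hand to an HTML sink: TrustedHTML when a policy exists, otherwise
// the sanitized string (browsers without Trusted Types accept plain strings).
function toSinkValue(html, sanitize, scope = globalThis) {
  const policy = getHtmlPolicy(sanitize, scope)
  return policy ? policy.createHTML(html) : sanitize(html)
}
```

If the page enforces Trusted Types and rejects the policy name, the plain string returned by the fallback is still refused at the sink; the name has to be allowed by the page's `trusted-types` directive for the assignment to succeed.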