mirror of
https://github.com/miniflux/v2.git
synced 2025-08-06 17:41:00 +00:00
Enable trusted-types
This commit adds a policy, and make use of it in the Content-Security-Policy. I've tested it the best I could, both on a modern browser supporting trusted-types (Chrome) and on one that doesn't (firefox). Thanks to @lweichselbaum for giving me a hand to wrap this up!
This commit is contained in:
jvoisin
Frédéric Guillot
parent
beb8c80787
commit
ed20771194
5 changed files with 20 additions and 4 deletions
15
internal/ui/static/js/tt.js
Normal file
15
internal/ui/static/js/tt.js
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
let ttpolicy;
|
||||
if (window.trustedTypes && trustedTypes.createPolicy) {
|
||||
//TODO: use an allow-list for `createScriptURL`
|
||||
if (!ttpolicy) {
|
||||
ttpolicy = trustedTypes.createPolicy('ttpolicy', {
|
||||
createScriptURL: src => src,
|
||||
createHTML: html => html,
|
||||
});
|
||||
}
|
||||
} else {
|
||||
ttpolicy = {
|
||||
createScriptURL: src => src,
|
||||
createHTML: html => html,
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue