I am working on an app running Angularjs 1.4. This morning the app started crashing wit the below error when I updated my Chrome browser to Version 83.0.4103.61
Seems like it does not accept innerHTML anymore.
Edit: I figured out it has something to do with our CSP policies especially require-trusted-types-for 'script';
With the new chrome update, it seems to have become stricter.
@Doubidou method uses default
, which is going to disable TrustedHTML assignment (CSP) protection.
The way bellow isn't going to disable the protection. We are creating a trust policy that is going to return the same as the input.
escapeHTMLPolicy = trustedTypes.createPolicy("forceInner", {
createHTML: (to_escape) => to_escape
})
Then just prepare your html codes before any input:
my_element.innerHTML = escapeHTMLPolicy.createHTML("<h1>your_html</h1>");
Source: https://developer.mozilla.org/en-US/docs/Web/API/TrustedHTML
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With