Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

getting error `This document requires 'TrustedHTML' assignment` in chrome

I am working on an app running Angularjs 1.4. This morning the app started crashing wit the below error when I updated my Chrome browser to Version 83.0.4103.61

Seems like it does not accept innerHTML anymore.

enter image description here

Edit: I figured out it has something to do with our CSP policies especially require-trusted-types-for 'script';

With the new chrome update, it seems to have become stricter.

like image 637
Azim Saiyed Avatar asked May 22 '20 21:05

Azim Saiyed


1 Answers

@Doubidou method uses default, which is going to disable TrustedHTML assignment (CSP) protection.

The way bellow isn't going to disable the protection. We are creating a trust policy that is going to return the same as the input.

escapeHTMLPolicy = trustedTypes.createPolicy("forceInner", {
            createHTML: (to_escape) => to_escape
        })

Then just prepare your html codes before any input:


my_element.innerHTML = escapeHTMLPolicy.createHTML("<h1>your_html</h1>");

Source: https://developer.mozilla.org/en-US/docs/Web/API/TrustedHTML

like image 96
Benjamin Walter Mauss Avatar answered Nov 08 '22 13:11

Benjamin Walter Mauss