-
## Bug report
### Current Behavior
There are several Radix UI Primitives that rely on `dangerouslySetInnerHtml` to inject content into `` tags, for example the `` ([see code](https://github.com/…
-
Consider adding the [`trusted-types`](https://w3c.github.io/webappsec-trusted-types/dist/spec/#trusted-types-csp-directive) and [`require-trusted-types-for`](https://w3c.github.io/webappsec-trusted-ty…
-
#### Is your suggestion related to a problem? Please describe.
Element uses unsafe DOM manipulation which poses a risk of cross-site scripting and other attacks.
#### Describe the solution you'd l…
-
According to [the docs](https://version-2023-6.goauthentik.io/docs/installation/configuration#listen-setting), fc00::/7 is not in AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS by default. I feel like it should …
-
Here's the error, but I've already gotten inside the container and changed the strategy in main.py: 1) I was prompted to add http://192.168.1.5:8080 to the allowed_iframe_parents list; 2) I enable dan…
-
### System Info
System:
OS: Windows 11 10.0.22631
CPU: (40) x64 Intel(R) Xeon(R) Silver 4210R CPU @ 2.40GHz
Memory: 34.83 GB / 63.66 GB
Binaries:
Node: 20.11.0 - C:\Program F…
-
We've outlined what we think would be the HTML integration points needed for [Trusted Types](https://w3c.github.io/webappsec-trusted-types/dist/spec/). This accompanies [HTML#3052](https://github.com/…
-
## What
[Trusted Types](https://web.dev/articles/trusted-types) are a relatively new browser feature designed to the DOM XSS attack surface of a website or web app. They are enforced by setting [ne…
-
PhotoSwipe should support Trusted Types API so that it can be seamlessly integrated into applications that enforce Trusted Types for all DOM XSS Injection Sinks (such as innerHTML setters) via CSP dir…
-
See https://gist.github.com/shhnjk/a44b13dfdbd83c79bd1e2c1b08508f9d for context.
We should enable Trusted Types by default in WebUI pages and exclude any pages that don't support it yet with `Disab…