-
### Description
Trusted Types enable writing web applications that are free from DOM-Based [Cross-Site-Scripting](http://go/xss) (XSS), the most prevalent web application vulnerability.
DOM-Based …
-
Hello,
I'm using your great library on angular with the @maaxgr/ang-jsoneditor (14.0.0) wrapper & jsoneditor (10.1.0).
I recently started implementing [Trusted Types](https://developer.mozilla.o…
-
### System Info
System:
OS: Linux 6.5 Ubuntu 20.04.6 LTS (Focal Fossa)
CPU: (32) x64 Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
Memory: 109.55 GB / 125.78 GB
Container: Yes
Shell: 5.0.17 - /bin/ba…
-
### Describe the problem
Even though `require-trusted-types-for` seems to be present in the list of CSP directives in the configuration, setting it (to `script`, which is its only value) will actua…
-
**Describe the bug**
I recently tried enabling CSP Trusted Types with a site that uses partytown and it throws errors about `TrustedScript` assignment on these specific files
https://github.com/Bu…
-
### Affected Packages
core
### Version(s)
2.7.2
### Bug Description
Setting [required-trusted-types-for](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/require-…
-
### Describe the bug
When a SvelteKit app enables the CSP directive `require-trusted-types-for` for `script`, hydration and CSR seems to break.
Related to https://github.com/sveltejs/kit/issues/…
-
### Bug description
I'm trying to use a CSP rule with trusted-types and I have an error that I'm not able to fix with angular-fontawesome.
angular-fontawesome should support for the Trusted Types …
-
cc @koto @lukewarlow
See https://w3c.github.io/webappsec-csp/#can-compile-strings
Steps 5-8 are as follows:
5. Let sourceToValidate be a [new](https://webidl.spec.whatwg.org/#new) [TrustedSc…
-
It would be nice to have handling for: the ~~[`trusted-types`](https://w3c.github.io/webappsec-trusted-types/dist/spec/#trusted-types-csp-directive)~~ [`trusted-types`](https://www.w3.org/TR/trusted-t…