Closed timonmasberg closed 5 months ago
you can utilize the default policy for this
@timonmasberg Can you clarify? You set require-trusted-types-for to default?
require-trusted-types-for to default?
No, you can create a policy for "default", which allows you to sanitize the innerHTML
calls from the IconService
.
Currently, when using CSP with trusted types, an error will be thrown, since the
IconService
usesinnerHTML
. I propose a function for optional registering of a trusted policy to allow using trusted types.