diff options
| author |  jvoisin <julien.voisin@dustri.org>
| 2024-03-18 00:45:41 +0100 |
|---|---|---|
| committer |  Frédéric Guillot <f@miniflux.net>
| 2024-03-20 17:50:37 -0700 |
| commit | ed2077119491bcc198ae84df5b1b1ed6f13f78f1 (patch) | |
| tree | 408252a9571f8b28a9fda14b9949bd73831a5d28 /internal/ui/static/js/app.js | |
| parent | beb8c80787beadbfdb8b970368a3200f7d59f58e (diff) | |
| download | v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.tar.gz v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.tar.zst v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.zip | |
Enable trusted-types
This commit adds a policy, and make use of it in the Content-Security-Policy.
I've tested it the best I could, both on a modern browser supporting
trusted-types (Chrome) and on one that doesn't (firefox).
Thanks to @lweichselbaum for giving me a hand to wrap this up!
Diffstat (limited to '')
| -rw-r--r-- | internal/ui/static/js/app.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/internal/ui/static/js/app.js b/internal/ui/static/js/app.js index 00083b20..79ffb4b5 100644 --- a/internal/ui/static/js/app.js +++ b/internal/ui/static/js/app.js @@ -352,7 +352,7 @@ function handleFetchOriginalContent() { response.json().then((data) => { if (data.hasOwnProperty("content") && data.hasOwnProperty("reading_time")) { - document.querySelector(".entry-content").innerHTML = data.content; + document.querySelector(".entry-content").innerHTML = ttpolicy.createHTML(data.content); const entryReadingtimeElement = document.querySelector(".entry-reading-time"); if (entryReadingtimeElement) { entryReadingtimeElement.textContent = data.reading_time; |