summaryrefslogtreecommitdiff
path: root/internal/ui/static/js/app.js
diff options
context:
space:
mode:
authorGravatar jvoisin <julien.voisin@dustri.org> 2024-03-18 00:45:41 +0100
committerGravatar Frédéric Guillot <f@miniflux.net> 2024-03-20 17:50:37 -0700
commited2077119491bcc198ae84df5b1b1ed6f13f78f1 (patch)
tree408252a9571f8b28a9fda14b9949bd73831a5d28 /internal/ui/static/js/app.js
parentbeb8c80787beadbfdb8b970368a3200f7d59f58e (diff)
downloadv2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.tar.gz
v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.tar.zst
v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.zip
Enable trusted-types
This commit adds a policy, and make use of it in the Content-Security-Policy. I've tested it the best I could, both on a modern browser supporting trusted-types (Chrome) and on one that doesn't (firefox). Thanks to @lweichselbaum for giving me a hand to wrap this up!
Diffstat (limited to 'internal/ui/static/js/app.js')
-rw-r--r--internal/ui/static/js/app.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/internal/ui/static/js/app.js b/internal/ui/static/js/app.js
index 00083b20..79ffb4b5 100644
--- a/internal/ui/static/js/app.js
+++ b/internal/ui/static/js/app.js
@@ -352,7 +352,7 @@ function handleFetchOriginalContent() {
response.json().then((data) => {
if (data.hasOwnProperty("content") && data.hasOwnProperty("reading_time")) {
- document.querySelector(".entry-content").innerHTML = data.content;
+ document.querySelector(".entry-content").innerHTML = ttpolicy.createHTML(data.content);
const entryReadingtimeElement = document.querySelector(".entry-reading-time");
if (entryReadingtimeElement) {
entryReadingtimeElement.textContent = data.reading_time;