Enable trusted-types

This commit adds a policy, and make use of it in the Content-Security-Policy. I've tested it the best I could, both on a modern browser supporting trusted-types (Chrome) and on one that doesn't (firefox). Thanks to @lweichselbaum for giving me a hand to wrap this up!
author: jvoisin <julien.voisin@dustri.org> 2024-03-18 00:45:41 +0100
committer: Frédéric Guillot <f@miniflux.net> 2024-03-20 17:50:37 -0700
commit: ed2077119491bcc198ae84df5b1b1ed6f13f78f1 (patch)
tree: 408252a9571f8b28a9fda14b9949bd73831a5d28 /internal/ui/static/static.go
parent: beb8c80787beadbfdb8b970368a3200f7d59f58e (diff)
download: v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.tar.gz
v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.tar.zst
v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/internal/ui/static/static.go b/internal/ui/static/static.go
index fd653b81..3ddff18d 100644
--- a/internal/ui/static/static.go
+++ b/internal/ui/static/static.go
@@ -113,6 +113,7 @@ func GenerateStylesheetsBundles() error {
 func GenerateJavascriptBundles() error {
 	var bundles = map[string][]string{
 		"app": {
+			"js/tt.js", // has to be first
 			"js/dom_helper.js",
 			"js/touch_handler.js",
 			"js/keyboard_handler.js",
author	jvoisin <julien.voisin@dustri.org>	2024-03-18 00:45:41 +0100
committer	Frédéric Guillot <f@miniflux.net>	2024-03-20 17:50:37 -0700
commit	ed2077119491bcc198ae84df5b1b1ed6f13f78f1 (patch)
tree	408252a9571f8b28a9fda14b9949bd73831a5d28 /internal/ui/static/static.go
parent	beb8c80787beadbfdb8b970368a3200f7d59f58e (diff)
download	v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.tar.gz v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.tar.zst v2-ed2077119491bcc198ae84df5b1b1ed6f13f78f1.zip