From ed2077119491bcc198ae84df5b1b1ed6f13f78f1 Mon Sep 17 00:00:00 2001
From: jvoisin <julien.voisin@dustri.org>
Date: Mon, 18 Mar 2024 00:45:41 +0100
Subject: Enable trusted-types

This commit adds a policy, and make use of it in the Content-Security-Policy.

I've tested it the best I could, both on a modern browser supporting
trusted-types (Chrome) and on one that doesn't (firefox).

Thanks to @lweichselbaum for giving me a hand to wrap this up!
---
 internal/ui/static/js/app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'internal/ui/static/js/app.js')

diff --git a/internal/ui/static/js/app.js b/internal/ui/static/js/app.js
index 00083b20..79ffb4b5 100644
--- a/internal/ui/static/js/app.js
+++ b/internal/ui/static/js/app.js
@@ -352,7 +352,7 @@ function handleFetchOriginalContent() {
 
         response.json().then((data) => {
             if (data.hasOwnProperty("content") && data.hasOwnProperty("reading_time")) {
-                document.querySelector(".entry-content").innerHTML = data.content;
+                document.querySelector(".entry-content").innerHTML = ttpolicy.createHTML(data.content);
                 const entryReadingtimeElement = document.querySelector(".entry-reading-time");
                 if (entryReadingtimeElement) {
                     entryReadingtimeElement.textContent = data.reading_time;
-- 
cgit v1.2.3