fix: CSP with unsafe-eval
detection with Trusted Types (#27446)
This commit is contained in:
parent
4a5c5843c4
commit
64b7be751a
3 changed files with 63 additions and 3 deletions
39
typings/internal-ambient.d.ts
vendored
39
typings/internal-ambient.d.ts
vendored
|
@ -272,6 +272,7 @@ declare interface Window {
|
|||
}
|
||||
};
|
||||
ResizeObserver: ResizeObserver;
|
||||
trustedTypes: TrustedTypePolicyFactory;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -323,3 +324,41 @@ interface ResizeObserverEntry {
|
|||
*/
|
||||
readonly contentRect: DOMRectReadOnly;
|
||||
}
|
||||
|
||||
// https://w3c.github.io/webappsec-trusted-types/dist/spec/#trusted-types
|
||||
|
||||
type TrustedHTML = string;
|
||||
type TrustedScript = string;
|
||||
type TrustedScriptURL = string;
|
||||
type TrustedType = TrustedHTML | TrustedScript | TrustedScriptURL;
|
||||
type StringContext = 'TrustedHTML' | 'TrustedScript' | 'TrustedScriptURL';
|
||||
|
||||
// https://w3c.github.io/webappsec-trusted-types/dist/spec/#typedef-trustedtypepolicy
|
||||
|
||||
interface TrustedTypePolicy {
|
||||
createHTML(input: string, ...arguments: any[]): TrustedHTML;
|
||||
createScript(input: string, ...arguments: any[]): TrustedScript;
|
||||
createScriptURL(input: string, ...arguments: any[]): TrustedScriptURL;
|
||||
}
|
||||
|
||||
// https://w3c.github.io/webappsec-trusted-types/dist/spec/#typedef-trustedtypepolicyoptions
|
||||
|
||||
interface TrustedTypePolicyOptions {
|
||||
createHTML?: (input: string, ...arguments: any[]) => TrustedHTML;
|
||||
createScript?: (input: string, ...arguments: any[]) => TrustedScript;
|
||||
createScriptURL?: (input: string, ...arguments: any[]) => TrustedScriptURL;
|
||||
}
|
||||
|
||||
// https://w3c.github.io/webappsec-trusted-types/dist/spec/#typedef-trustedtypepolicyfactory
|
||||
|
||||
interface TrustedTypePolicyFactory {
|
||||
createPolicy(policyName: string, policyOptions: TrustedTypePolicyOptions): TrustedTypePolicy
|
||||
isHTML(value: any): boolean;
|
||||
isScript(value: any): boolean;
|
||||
isScriptURL(value: any): boolean;
|
||||
readonly emptyHTML: TrustedHTML;
|
||||
readonly emptyScript: TrustedScript;
|
||||
getAttributeType(tagName: string, attribute: string, elementNs?: string, attrNs?: string): StringContext | null;
|
||||
getPropertyType(tagName: string, property: string, elementNs?: string): StringContext | null;
|
||||
readonly defaultPolicy: TrustedTypePolicy | null;
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue