mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

chore: enable Trusted Types in default app (#27453)

Browse source
This commit is contained in:
Milan Burda 2021-01-25 17:08:58 +01:00 committed by GitHub
parent d0c4a685fc
commit e7c201288c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
default_app/index.html
View file

@ -2,6 +2,7 @@
<head>
<title>Electron</title>
<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types electron-default-app" />
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'sha256-6PH54BfkNq/EMMhUY7nhHf3c+AxloOwfy7hWyT01CM8='; style-src 'self'; img-src 'self'; connect-src 'self'" />
<link href="./styles.css" type="text/css" rel="stylesheet" />
<link href="./octicon/build.css" type="text/css" rel="stylesheet" />

7
default_app/preload.ts
View file

@ -1,10 +1,15 @@
import { ipcRenderer, contextBridge } from 'electron';
const policy = window.trustedTypes.createPolicy('electron-default-app', {
// we trust the SVG contents
createHTML: input => input
});
async function getOcticonSvg (name: string) {
try {
const response = await fetch(`octicon/${name}.svg`);
const div = document.createElement('div');
div.innerHTML = await response.text();
div.innerHTML = policy.createHTML(await response.text());
return div;
} catch {
return null;