You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This string is inherently safe because it's authored in this codebase and does not include any user-supplied data. However, if a server has a Trusted Types CSP policy, it would throw an error here.
One strategy Lit uses is to set their own custom TrustedTypes policy: lit/lit#1772
I'm a little hesitant to do this though until the API gains wider browser adoption. It's been Chromium-only for years, and the standards positions from WebKit/Firefox seem inconclusive: WebKit/standards-positions#186mozilla/standards-positions#20
The text was updated successfully, but these errors were encountered:
We set
innerHTML
here:emoji-picker-element/src/picker/components/Picker/utils.js
Lines 15 to 16 in ddb6aa3
This string is inherently safe because it's authored in this codebase and does not include any user-supplied data. However, if a server has a Trusted Types CSP policy, it would throw an error here.
One strategy Lit uses is to set their own custom TrustedTypes policy: lit/lit#1772
I'm a little hesitant to do this though until the API gains wider browser adoption. It's been Chromium-only for years, and the standards positions from WebKit/Firefox seem inconclusive: WebKit/standards-positions#186 mozilla/standards-positions#20
The text was updated successfully, but these errors were encountered: