Skip to content
GitLab
    • Explore Projects Groups Snippets
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • C create-react-app
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1,547
    • Issues 1,547
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 417
    • Merge requests 417
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Meta
  • create-react-app
  • Merge requests
  • !12089

Use textContent instead of innerHTML when assigning script

  • Review changes

  • Download
  • Email patches
  • Plain diff
Open Administrator requested to merge github/fork/shhnjk/main into main 3 years ago
  • Overview 1
  • Commits 1
  • Pipelines 0
  • Changes 1

Created by: shhnjk

Currently, packages/react-error-overlay/src/index.js has a code where script is assigned using innerHTML. This causes a problem in document under Trusted Types enforcement, because assignment to innerHTML requires TrustedHTML, but resulting html will be treated as script and therefore requires TrustedScript.

This change modifies script assignment using textContent which wouldn't require TrustedHTML, and therefore TrustedScript can be assigned (through default policy in Trusted Types).

Note: further change would be required if this library wants to be compatible with Trusted Types. However, this change only aims to allow this library to operate using default policy (which is not ideal but just a work around).

Activity

  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply

There are currently no pipelines.

To run a merge request pipeline, the jobs in the CI/CD configuration file must be configured to run in merge request pipelines.

0 Assignees
None
Assign to
0 Reviewers
None
Request review from
Labels
2
CLA Signed tag: underlying tools
2
CLA Signed tag: underlying tools
    Assign labels
  • Manage project labels

Milestone
3.3
3.3
None
Time tracking
No estimate or time spent
Lock merge request
Unlocked
0
0 participants
Reference: facebook/create-react-app!7986
Source branch: github/fork/shhnjk/main

Menu

Explore Projects Groups Snippets