(삭제된 사용자 1321067) 작성 댓글: Please help. Javascript code failure in latest Chrome (TrustedHTML assignment)에 대한 댓글 항목이 2024-11-27 에 스팸 사유로 신고되었습니다.
In the latest Chrome (or Brave),
after navigating to the page https://www.youtube.com/,
execute the following code in the DevTools Console.
document.createElement('div').innerHTML = 'Hello World.';The code cannot be executed due to
TypeError: Failed to set the 'innerHTML' property on 'Element': This document requires 'TrustedHTML' assignment.However, the same code can be executed in private window mode.
Anyone knows the solution for this issue?
This issue occurs due to Chrome's stricter security policies, specifically around content being flagged as potentially unsafe. The "TrustedHTML" error is part of a mechanism designed to prevent XSS (Cross-Site Scripting) attacks by enforcing the use of a secure API when assigning HTML.
To resolve this, you can explicitly use the trustedTypes API. Here’s an example:
javascript
Копировать код
const policy = trustedTypes.createPolicy('default', {
createHTML: (string) => string,
});
document.createElement('div').innerHTML = policy.createHTML('Hello World.');
This will ensure the innerHTML property is assigned safely. However, ensure you trust the source of the string being assigned.
If you're working on a larger project that involves dynamic content rendering, you might want to consider consulting professionals for secure implementation. I had a great experience with DevBrother, especially for outsource node js development. Their expertise in building scalable and secure applications could help ensure your project avoids similar issues and adheres to best practices.
이 신고는 관리자에 의해 인정되었습니다.