Add Trusted Types support #62618
Replies: 5 comments
-
|
The pull request above is to add a tool called tsec to the linting process to check for Trusted Types violations. Going forward, I plan to create more pull requests to fix all of the violations detected by tsec. Also, tsec is not guaranteed to catch all violations, so I plan to find and fix violations that occur when running Next.js applications locally or from running unit/integration tests. After all of these violations are fixed, then application developers can choose to enforce Trusted Types without being blocked by the framework. |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
Moving this to |
Beta Was this translation helpful? Give feedback.
-
|
Afaik React already supports Trusted Types: https://github.com/facebook/react/pull/16157/files |
Beta Was this translation helpful? Give feedback.
-
|
Hmm, so does Next? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Describe the feature you'd like to request
Backstory and initial implementation can be found here: #13509
Describe the solution you'd like
As mentioned in #13509 Trusted Types helps prevent XSS attack, we're planning to add support for it in Next.js natively so that there is a default configuration.
Someone from the Chrome team is going to start working on adding Trusted Types to Next.js early January.
Beta Was this translation helpful? Give feedback.
All reactions