-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Untrusted html usage #22
Comments
Do you get same error if you add .js extension to your script? |
No, it doesn't give any error because it's not running at all with the .js extension. You mean:
? If I change that line to styler.js, Monkey Patch won't tell me it would reload, like it didn't recognize it. (BTW I could find a get-around: instead of rewriting the style tag's innerHTML, I just insert a new style node with the new rules (document.head.appendChild()). It works without errors.) |
OMG, this sounds bad: |
Still not 100% on this, but looks like I'm having issues from this possibly—my style hot reloader script (placed a link element to the css file in head, similar to customize-ui) broke, Version:
Top of <head>
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' https: data: blob: vscode-remote-resource:; media-src 'none'; frame-src 'self' vscode-webview:; object-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' https: ws:; font-src 'self' https: vscode-remote-resource:;">
<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types default TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget domLineBreaksComputer editorViewLayer diffReview extensionHostWorker insane notebookOutputRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost webWorkerExtensionHost;">
<link rel="stylesheet" type="text/css" data-name="vs/workbench/workbench.desktop.main" href="file:///Applications/Visual%20Studio%20Code%20-%20Insiders.app/Contents/Resources/app/out/vs/workbench/workbench.desktop.main.css"><link rel="stylesheet" type="text/css" href="file:///Users/<USER>/Library/Application Support/Code - Insiders/User/globalStorage/iocave.customize-ui/modules/customize-ui.css" media="all">
<!-- ... --> |
I get the following error when I try to modify the HTML (just replacing an inline style tag (vscode-tokens-styles)):
[uncaught exception]: Error: UNTRUSTED html usage, default trusted types policy should NEVER be reached
I have a very simple script included with Monkey Patch:
This script only modifies that inline style, it does nothing else. No dependencies. It worked for quite a long time now with Monkey Patch, but recently I get the error message above.
It's possible that this is nothing to do with Monkey Patch, more of some policy changes in vscode, then I'm sorry for bringing it up. (I couldn't find out what are that trusted types yet, tried to Google it, but I just find very confusing, unclear descriptions.)
The text was updated successfully, but these errors were encountered: