Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Given we patched lit to only fix a warning, let's pull an official release from an official source and live with that warning. Given that we can point to https://lit.dev/docs/templates/expressions/ and the fact that we don't use any of the
unsafe*
directives.(Spoiler: We dont even ship those anymore.)
Idea 1: Use lit-all-min.js:
Well the bundle comes from
https://cdn.jsdelivr.net/gh/lit/dist@3/all/lit-all.min.js
And the rules are clear about CDN's
It is unclear what the rule is, if lit is actually endorcing a cdn... 🤷 - This might be a good plan b.
Idea 2: Use NPM.
We cannot use the npm lit.js files directly. They are expecting to have a global resolving scope. i.e lit.js is importing "@lit/reactive-element". For this type of import we would need to use a source-map. They are blocked however due to the fact that every Webextension has a default csp
script-src "self"
. Even after changing the manifest csp to allow eval, the import map did not apply. I meed night file a bug... Also using nonce's are not allowed.Therefore!
Using a bundler is not forbidden. i.e there even is an official webpack plugin. So i quickly use rollup to create a loadable bundle when you do
npm install
.