Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Needs to replace HTML into TrustedHTML in elementFromString function. #5559

Closed
1 task done
rafaelhovhannisyan24 opened this issue Aug 27, 2024 · 9 comments
Closed
1 task done
Labels
Category: Open Source The issue or pull reuqest is related to the open source packages of Tiptap. Info: Wont Fix The issue or pullrequest will not be fixed Type: Bug The issue or pullrequest is related to a bug

Comments

@rafaelhovhannisyan24
Copy link

Affected Packages

core

Version(s)

2.6.6

Bug Description

const policy = window.trustedTypes.createPolicy('tiptap', {
createHTML: (input) => input,
createScript: (input) => input,
createScriptURL: (input) => input,
});

export function elementFromString(value: string): HTMLElement {
// add a wrapper to preserve leading and trailing whitespace
const wrappedValue = policy.createHTML(<body>${value}</body>)

const html = new window.DOMParser().parseFromString(wrappedValue, 'text/html').body

return removeWhitespaces(html)
}

Browser Used

Chrome

Code Example URL

No response

Expected Behavior

While using it on platform which has Trusted Types security concerns, Tiptap throughs following issue:

index.js:60354 This document requires 'TrustedHTML' assignment.

TypeError: Failed to execute 'parseFromString' on 'DOMParser': This document requires 'TrustedHTML' assignment. at elementFromString

Additional Context (Optional)

No response

Dependency Updates

  • Yes, I've updated all my dependencies.
@rafaelhovhannisyan24 rafaelhovhannisyan24 added Category: Open Source The issue or pull reuqest is related to the open source packages of Tiptap. Type: Bug The issue or pullrequest is related to a bug labels Aug 27, 2024
@github-project-automation github-project-automation bot moved this to Triage open in Tiptap Aug 27, 2024
@rafaelhovhannisyan24
Copy link
Author

Also in VueJS there is an update referring to issue described:

runtime-dom: Trusted Types compatibility 3.5.0-beta.1

@nperez0111
Copy link
Contributor

I'm not familiar with this web API and it looks to be non-standard. So I'm unsure that we really need to support it.

It also is unclear what you want to do and what you would want changed

@nperez0111
Copy link
Contributor

This would need to be changed by prosemirror, our base library.

This looks like a lot of work to implement, I have no plans on supporting this at this time unless it is actually supported by other browsers.

@github-project-automation github-project-automation bot moved this from Triage open to Done in Tiptap Aug 27, 2024
@nperez0111 nperez0111 added the Info: Wont Fix The issue or pullrequest will not be fixed label Aug 27, 2024
@rafaelhovhannisyan24
Copy link
Author

TipTap doesn't work in environments where a Trusted Types policy is enforced. It has nothing to do with browser support.

@nperez0111
Copy link
Contributor

image

If it isn't implemented by other browsers, it does have to do with browser support.

If this is a requirement for you, feel free to contribute a PR for it. But I don't think that this is an issue with Tiptap so much as chrome making up APIs

@nperez0111
Copy link
Contributor

It is also only a draft W3C spec, so I'm not going to spend the time on a non web standard just because you ask for it

@rafaelhovhannisyan24
Copy link
Author

#5561. I fixed it. I didn't take much time to fix. I guess there will be some code clean up. Hope you'll do that easily.

@llusinepetrosyan
Copy link

@nperez0111 I also had same issue and seems @rafaelhovhannisyan24(thank you) fixed it on this pr - #5561
Can we speed up review/merge process please @nperez0111 ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Category: Open Source The issue or pull reuqest is related to the open source packages of Tiptap. Info: Wont Fix The issue or pullrequest will not be fixed Type: Bug The issue or pullrequest is related to a bug
Projects
Status: Done
Development

No branches or pull requests

3 participants