diff --git a/packages/core/src/utilities/createStyleTag.ts b/packages/core/src/utilities/createStyleTag.ts
index ef07e1032a..d2a5460a0c 100644
--- a/packages/core/src/utilities/createStyleTag.ts
+++ b/packages/core/src/utilities/createStyleTag.ts
@@ -12,7 +12,7 @@ export function createStyleTag(style: string, nonce?: string, suffix?: string):
 }
 styleNode.setAttribute(`data-tiptap-style${suffix ? `-${suffix}` : ''}`, '')
- styleNode.innerHTML = style
+ styleNode.textContent = style
 document.getElementsByTagName('head')[0].appendChild(styleNode)
 return styleNode
diff --git a/packages/core/src/utilities/elementFromString.ts b/packages/core/src/utilities/elementFromString.ts
index 93ae51af81..3a35852517 100644
--- a/packages/core/src/utilities/elementFromString.ts
+++ b/packages/core/src/utilities/elementFromString.ts
@@ -14,9 +14,37 @@ const removeWhitespaces = (node: HTMLElement) => {
 return node
 }
+let policy = {
+ createHTML: (input: any) => input,
+ createScript: (input: any) => input,
+ createScriptURL: (input: any) => input,
+}
+
+try {
+ // @ts-ignore
+ // eslint-disable-next-line no-undef
+ policy = globalThis.trustedTypes.createPolicy('tiptap', {
+ createHTML: (input: any) => input,
+ createScript: (input: any) => input,
+ createScriptURL: (input: any) => input,
+ })
+} catch (error) {
+ // @ts-ignore
+ // eslint-disable-next-line no-undef
+ if (window.trustedTypes) {
+ // @ts-ignore
+ // eslint-disable-next-line no-undef
+ policy = window.trustedTypes.createPolicy('tiptap', {
+ createHTML: (input: any) => input,
+ createScript: (input: any) => input,
+ createScriptURL: (input: any) => input,
+ })
+ }
+}
+
 export function elementFromString(value: string): HTMLElement {
 // add a wrapper to preserve leading and trailing whitespace
- const wrappedValue = `${value}`
+ const wrappedValue = policy.createHTML(`${value}`)
 const html = new window.DOMParser().parseFromString(wrappedValue, 'text/html').body
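Review bot: The new `styleNode.textContent = style` line has no comment saying why it replaced `innerHTML`, and the reason is easy to lose in a later refactor. `innerHTML` is a Trusted Types sink that rejects a plain string under `require-trusted-types-for 'script'`, whereas `textContent` on a style element stores the CSS as text with no HTML parsing. I would add `// textContent: CSS is stored as text, no HTML parsing and no TrustedHTML needed` above the assignment. createStyleTag begins before this hunk, so how `nonce` is applied to the node is not visible here.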
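Review bot: The `catch` block in elementFromString.ts reads `window.trustedTypes` without checking that `window` exists, so where there is no DOM global (server-side rendering, tests under plain Node) the first attempt fails on the missing `globalThis.trustedTypes` and the fallback then throws a ReferenceError while the module is being imported. In a browser `globalThis` and `window` are the same object, so when `createPolicy('tiptap', …)` is rejected (name not allowed by the page's `trusted-types` directive, or already registered) the retry throws the same error, this time uncaught. The policy is also a pass-through that registers `createScript` and `createScriptURL` although only `createHTML` is used in this hunk; dropping the two unused hooks keeps the named policy from vouching for script sinks, and a comment should state that `createHTML` performs no sanitisation. What happens to the parsed nodes after `parseFromString` is outside this hunk, so the safety of the identity policy depends on callers not shown here. A guarded single attempt is sketched below, with `input: string` replacing the `any` annotations.

```typescript
// Fallback for environments without Trusted Types (older browsers, SSR).
let policy = {
  // Pass-through: performs no sanitisation of the HTML string.
  createHTML: (input: string) => input,
}

// @ts-ignore -- trustedTypes is not declared in every lib.dom version
const trustedTypesApi = typeof globalThis !== 'undefined' ? globalThis.trustedTypes : undefined

if (trustedTypesApi) {
  try {
    // Only createHTML is registered; elementFromString needs no script sinks.
    policy = trustedTypesApi.createPolicy('tiptap', {
      createHTML: (input: string) => input,
    })
  } catch (error) {
    // Name rejected by the trusted-types directive or already registered:
    // keep the fallback instead of failing at import time.
  }
}

// … unchanged: elementFromString body …
```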