Trusted Type API error for pages that rely on a private policy
zm-cttae opened this issue · comments
Expected behavior
The solution in #71 (to get the default styles of a tag from an iframe) should consistently work..
Actual behavior (stack traces, console logs etc)
This document requires 'TrustedHTML' assignment.
(anonymous) @ VM77:951
VM77:951 Uncaught TypeError: Failed to execute 'write' on 'Document': This document requires 'TrustedHTML' assignment.
at <anonymous>:951:44
(Looping in @joswhite - the StackOverflow solution needs patching)
Some websites (like the iframe for the invasive Chrome browser callout Google shows to Edge users) propogate a private, non-default Trusted Types API policy. Any attempts to write HTML strings to the DOM need to be wrapped by that policy.
This line throws an error in that case:
dom-to-image-more/src/dom-to-image-more.js
Line 1001 in 08a5329
I didn't think people would be propagating a Trusted Types policy in a private variable.. this means #90 (comment) is a false expectation.
We can work around this by something like this:
const charset = document.createElement('meta');
charset.setAttribute('charset', document.characterSet || 'UTF-8');
sandbox.contentDocument.head.appendChild(charset);
sandbox.contentDocument.title = 'sandbox';
(The <title> tag is required in all valid HTML documents so lets add that too...)
Library version
Browsers
- Chrome 49+
- Firefox 45+