Giters

1904labs / dom-to-image-more

Generates an image from a DOM node using HTML5 canvas

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Trusted Type API error for pages that rely on a private policy

zm-cttae opened this issue · comments

commented

Expected behavior

The solution in #71 (to get the default styles of a tag from an iframe) should consistently work..

Actual behavior (stack traces, console logs etc)

This document requires 'TrustedHTML' assignment.
(anonymous) @ VM77:951
VM77:951 Uncaught TypeError: Failed to execute 'write' on 'Document': This document requires 'TrustedHTML' assignment.
    at <anonymous>:951:44

(Looping in @joswhite - the StackOverflow solution needs patching)

Some websites (like the iframe for the invasive Chrome browser callout Google shows to Edge users) propogate a private, non-default Trusted Types API policy. Any attempts to write HTML strings to the DOM need to be wrapped by that policy.

This line throws an error in that case:

dom-to-image-more/src/dom-to-image-more.js

Line 1001 in 08a5329

sandbox.contentWindow.document.write('<!DOCTYPE html><meta charset="UTF-8"><title>sandbox</title><body>');

I didn't think people would be propagating a Trusted Types policy in a private variable.. this means #90 (comment) is a false expectation.

We can work around this by something like this:

            const charset = document.createElement('meta');
            charset.setAttribute('charset', document.characterSet || 'UTF-8');
            sandbox.contentDocument.head.appendChild(charset);
            sandbox.contentDocument.title = 'sandbox';

(The <title> tag is required in all valid HTML documents so lets add that too...)

Library version

From v2.10.1 to v2.13.1.

Browsers

  • Chrome 49+
  • Firefox 45+