Custom trusted types in Angular project

Question

Custom trusted types in Angular project

247 views Asked by Schnikles At 18 September 2024 at 16:43

I have a spot in my Angular application where I do not want the Angular sanitizer to sanitize my content. My goal is to create a custom trusted type policy in my angular project. But I could not figure out what is the best practice to create one, store them and use them in code later.

I know it works by using (window as any) And doing I was doing it in a separate trusted-types-service:

export class TrustedTypesService {
  readonly fooPolicy: any;

  constructor() {
    this.fooPolicy = (window as any).trustedTypes.createPolicy('foo', (bar) => {
      // ideally some sanitizing by e.g. DOM Purify
      return bar;
    });
  }
}

But is this the right and best way to do it?

I'd appreciate any help. Thank you :)

Original Q&A

There are 1 answers

**Schnikles** · Accepted Answer · 2023-03-09 06:32:17

The best way I found out to do it is the following:

export class TrustedTypesService {
  public readonly domPurify: TrustedTypePolicy;

  constructor() {
    // If browser does not support TTs => Tinyfill
    if (window.trustedTypes == undefined) {
      (window as any).trustedTypes = {
          createPolicy: (_name: string, rules: TrustedTypePolicyOptions) => rules
      };
    }

    // Creating the policy
    this.domPurify = window.trustedTypes.createPolicy('dom-purify', {
      createHTML: (input) => DOMPurify.sanitize(input,
        {
          USE_PROFILES: { html: true },
          RETURN_TRUSTED_TYPE: true
        }),
      createScript: (input) => *handle script sanitization*,
      ...
    });
  }
}

TechQA.

Custom trusted types in Angular project

There are 1 answers

Related Questions in ANGULAR

Related Questions in CONTENT-SECURITY-POLICY

Related Questions in WEBSECURITY

Related Questions in TRUSTED-TYPES

Popular Questions

Popular Tags

Trending Questions