ngx-slider is not compatible with the default, recommended content-security-policy
roldengarm opened this issue · 1 comments
roldengarm commented
I've configured the recommended content-security-policy, and then I'm getting this error:
Failed to set the 'innerHTML' property on 'Element': This document requires 'TrustedHTML' assignment.
Our CSP is configured as per Angular's recommendation:
trusted-types angular angular#bundler; require-trusted-types-for 'script'; default-src 'self'; script-src 'self' 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc='; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' ; img-src 'self' blob: data:; manifest-src 'self'; media-src 'self'; frame-ancestors 'none'; form-action 'self
Even adding angular#unsafe-bypass as trusted-type doesn't work. This is a security concern.
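Added example, not part of the original issue and not ngx-slider or Angular code: a simplified JavaScript model of how a browser evaluates the trusted-types and require-trusted-types-for directives, applied to the CSP quoted above (shortened). The function names are hypothetical, and duplicate-policy handling and report-only mode are left out.

```javascript
// Simplified model of Trusted Types enforcement (added example).

// CSP from the issue, shortened to the directives that matter here.
const ISSUE_CSP =
  "trusted-types angular angular#bundler; require-trusted-types-for 'script'; default-src 'self'";

// Split a CSP string into a Map of directive name -> array of tokens.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // Per CSP, only the first occurrence of a directive counts.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  return directives;
}

// Would trustedTypes.createPolicy(name) be permitted under this CSP?
function canCreatePolicy(csp, name) {
  const allow = csp.get('trusted-types');
  if (allow === undefined) return true; // directive absent: no restriction
  return allow.includes('*') || allow.includes(name);
}

// Outcome of assigning a value to an injection sink such as innerHTML.
// isTrustedHTML: the value came out of an allowed policy's createHTML().
function sinkAssignment(csp, isTrustedHTML) {
  const required = (csp.get('require-trusted-types-for') || []).includes("'script'");
  if (!required || isTrustedHTML) return 'allowed';
  // A plain string is only accepted via a policy named "default", which must
  // itself be on the trusted-types allowlist before it can be created.
  return canCreatePolicy(csp, 'default') ? 'allowed-if-default-policy-exists' : 'blocked';
}

const csp = parseCsp(ISSUE_CSP);
console.log(canCreatePolicy(csp, 'angular#unsafe-bypass')); // policy name not allowlisted
console.log(sinkAssignment(csp, false));                    // plain string to innerHTML
```

In this model the allowlist only controls which policy names may be created; a plain string assigned to innerHTML is evaluated separately, so widening the allowlist does not change the outcome for code that never goes through a policy.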