Skip to content
This repository has been archived by the owner on Aug 1, 2024. It is now read-only.

Commit

Permalink
Make bubble innerHTML assignment Trusted Types compatible.
Browse files Browse the repository at this point in the history 
The ineerHTML assignment of the string '&nbsp' was causing Trusted Types violations. To fix this violation we are switching to use the safe alternative of setting ineerHTML, goog.dom.safe.setInnerHtmlFromConstant.
RELNOTES: Make bubble innerHTML assignment Trusted Types compatible.

PiperOrigin-RevId: 398546522
Change-Id: I21ac2c7d887f459ef6b0a40d4de484e54fe013be
  • Loading branch information
@copybara-github
Closure Team authored and copybara-github committed Sep 23, 2021
1 parent ba7c8d7 commit 83aa32c
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
4 changes: 3 additions & 1 deletion closure/goog/ui/editor/BUILD
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,18 +26,20 @@ closure_js_library(
"//closure/goog/asserts",
"//closure/goog/dom",
"//closure/goog/dom:classlist",
"//closure/goog/dom:safe",
"//closure/goog/dom:tagname",
"//closure/goog/dom:viewportsizemonitor",
"//closure/goog/editor:style",
"//closure/goog/events:eventhandler",
"//closure/goog/events:eventtarget",
"//closure/goog/events:eventtype",
"//closure/goog/functions",
"//closure/goog/html:safehtml",
"//closure/goog/log",
"//closure/goog/math:box",
"//closure/goog/object",
"//closure/goog/positioning",
"//closure/goog/string",
"//closure/goog/string:const",
"//closure/goog/style",
"//closure/goog/ui:component",
"//closure/goog/ui:popupbase",
Expand Down
5 changes: 4 additions & 1 deletion closure/goog/ui/editor/bubble.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ goog.require('goog.dom');
goog.require('goog.dom.TagName');
goog.require('goog.dom.ViewportSizeMonitor');
goog.require('goog.dom.classlist');
goog.require('goog.dom.safe');
goog.require('goog.editor.style');
goog.require('goog.events.EventHandler');
goog.require('goog.events.EventTarget');
Expand All @@ -32,6 +33,7 @@ goog.require('goog.positioning.Corner');
goog.require('goog.positioning.Overflow');
goog.require('goog.positioning.OverflowStatus');
goog.require('goog.string');
goog.require('goog.string.Const');
goog.require('goog.style');
goog.require('goog.ui.Component');
goog.require('goog.ui.PopupBase');
Expand Down Expand Up @@ -108,8 +110,9 @@ goog.ui.editor.Bubble = function(parent, zIndex) {
*/
this.closeBox_ = this.dom_.createDom(goog.dom.TagName.DIV, {
'className': goog.getCssName('tr_bubble_closebox'),
'innerHTML': ' '
});
goog.dom.safe.setInnerHtmlFromConstant(
this.closeBox_, goog.string.Const.from(' '));
this.bubbleContents_.appendChild(this.closeBox_);

// We make bubbles unselectable so that clicking on them does not steal focus
Expand Down

0 comments on commit 83aa32c

Please sign in to comment.