Hi team,
We're implementing the require-trusted-types-for 'script'; header in our app and have set up a default Trusted Types policy. However, the Intercom widget script fails on the following line:
e.documentElement.innerHTML = t,
with
Uncaught TypeError: Failed to set the 'innerHTML' property on 'Element': This document requires 'TrustedHTML' assignment.
Has anyone encountered this issue before? Any suggestions on how to work around it while keeping Trusted Types enforcement?
Thanks!
+5
If not, please report back here so the Intercom team can have a look into the issue further.
I did see others having this issue with other frameworks and apps using InnerHTML, there may be ways around it but potentially those are not as safe so hopefully this solution from Intercom will help or they can update it with more info for Trusted Types as well.
Hope this helps!
I have read the article about using Intercom with CSP, but unfortunately, it does not address my issue.
The problem occurs because require-trusted-types-for 'script'; enforces Trusted Types, as a result direct string assignments to innerHTML (like e.documentElement.innerHTML = t) fail.
+5
In case it's helpful, I also sent you a DM with some potential solutions that I'm not 100% sure about so not posting them here in the community directly at the moment.
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
