Question

CSP require-trusted-types-for 'script' header issue


Hi team,

We're implementing the require-trusted-types-for 'script'; header in our app and have set up a default Trusted Types policy. However, the Intercom widget script fails on the following line:

e.documentElement.innerHTML = t,
with
Uncaught TypeError: Failed to set the 'innerHTML' property on 'Element': This document requires 'TrustedHTML' assignment.
 

Has anyone encountered this issue before? Any suggestions on how to work around it while keeping Trusted Types enforcement?

Thanks!


 

3 replies

Nathan Sudds
Expert User ✨
  • Top Expert
  • 313 replies
  • March 19, 2025

@nikosp I’m wondering if you’ve looked at the details here in the article about Using Intercom with CSP. This seems like it should help identify the Intercom domains as safe, but I'm not sure if it resolves the innerHTML issue.

If not, please report back here so the Intercom team can have a look into the issue further. 

I did see others having this issue with other frameworks and apps using innerHTML. There may be ways around it, but potentially those are not as safe, so hopefully this solution from Intercom will help or they can update it with more info for Trusted Types as well.

Hope this helps!


  • Author
  • New Participant
  • 1 reply
  • March 19, 2025

@Nathan Sudds Thanks for the response,
I have read the article about using Intercom with CSP, but unfortunately, it does not address my issue.

The problem occurs because require-trusted-types-for 'script'; enforces Trusted Types; as a result, direct string assignments to innerHTML (like e.documentElement.innerHTML = t) fail.
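
For readers following the thread, an added example (not part of the original post and not Intercom's code) of the callbacks a policy named "default" supplies, which the browser consults when a plain string reaches a sink such as innerHTML under this directive. The sanitizer is injected (DOMPurify is assumed in the browser wiring) and https://widget.example is a placeholder origin.

```javascript
// Added example: callbacks for a Trusted Types policy named "default".
// Origins and the sanitizer are supplied by the caller (constructed values in any demo).
function makeDefaultPolicyRules({ sanitize, allowedOrigins, base, report = () => {} }) {
  const allowed = new Set(allowedOrigins);
  return {
    // The browser calls this when a plain string reaches an HTML sink
    // (for example "Element innerHTML") under require-trusted-types-for 'script'.
    createHTML(input, typeName, sink) {
      const clean = sanitize(input);
      if (clean !== input) report({ typeName, sink, action: "sanitized" });
      return clean;
    },
    // Called for script-URL sinks such as script.src.
    createScriptURL(input, typeName, sink) {
      let url = null;
      try { url = new URL(input, base); } catch { /* unparsable: reject below */ }
      if (url && url.protocol === "https:" && allowed.has(url.origin)) return url.href;
      report({ typeName, sink, action: "rejected" });
      return null; // null from the default policy makes the sink assignment throw
    },
    // No createScript: string-to-code sinks such as eval stay blocked.
  };
}

// Register the rules; returns null where Trusted Types is unavailable.
function installDefaultPolicy(tt, rules) {
  if (!tt || typeof tt.createPolicy !== "function") return null;
  return tt.createPolicy("default", rules);
}

// Browser wiring (skipped elsewhere). Assumes DOMPurify is loaded on the page;
// https://widget.example is a placeholder origin, not a real vendor domain.
if (typeof trustedTypes !== "undefined" && typeof DOMPurify !== "undefined") {
  installDefaultPolicy(trustedTypes, makeDefaultPolicyRules({
    sanitize: (html) => DOMPurify.sanitize(html),
    allowedOrigins: [location.origin, "https://widget.example"],
    base: document.baseURI,
    report: (event) => console.warn("Trusted Types default policy:", event),
  }));
}
```

If the CSP also carries a trusted-types directive, the name default has to be listed there for createPolicy to succeed.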


Nathan Sudds
Expert User ✨
  • Top Expert
  • 313 replies
  • March 19, 2025

@nikosp this may be something the Intercom team need to address then and maybe update the article as well. 

 

In case it's helpful, I also sent you a DM with some potential solutions that I'm not 100% sure about so not posting them here in the community directly at the moment.  

 

 

