Add default trusted types policy #24455

dannimad · 2025-04-24T22:24:19Z

Adding a default Trusted Types policy to prevent warning messages in supported browsers, which were triggered by innerHTML usage in Docusaurus-generated output. Some content is still injected as plain strings even after adding webpack config. By adding a default policy that simply returns the original string, we suppress these warnings without affecting runtime behavior. This is safe because our content is static and known at build time.

Copilot

Pull Request Overview

This PR adds a default Trusted Types policy to suppress innerHTML warning messages in browsers, ensuring that static content injected from Docusaurus remains safe and warning-free.

Added a new JavaScript file that creates a default Trusted Types policy
Updated the Docusaurus configuration to load the new policy script

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File	Description
docs/static/trusted-types-policy.js	Introduces a policy that returns the input string unchanged
docs/docusaurus.config.ts	Adds script configuration to inject the Trusted Types policy

Files not reviewed (1)

docs/static/staticwebapp.config.json: Language not supported

Abe27342

ok with this as a stepping stone/confirmation that trusted types can be configured this way in our build system. Before closing out the item though IMO we need something a bit stricter.

github-actions · 2025-04-25T20:23:24Z

🔗 No broken links found! ✅

Your attention to detail is admirable.

linkcheck output


> fluid-framework-docs-site@0.0.0 ci:check-links /home/runner/work/FluidFramework/FluidFramework/docs
> start-server-and-test "npm run serve -- --no-open" 3000 check-links

1: starting server using command "npm run serve -- --no-open"
and when url "[ 'http://127.0.0.1:3000' ]" is responding with HTTP status code 200
running tests using command "npm run check-links"


> fluid-framework-docs-site@0.0.0 serve
> docusaurus serve --no-open

[SUCCESS] Serving "build" directory at: http://localhost:3000/

> fluid-framework-docs-site@0.0.0 check-links
> linkcheck http://localhost:3000 --skip-file skipped-urls.txt

Crawling...

Stats:
  164989 links
    1316 destination URLs
    1547 URLs ignored
       0 warnings
       0 errors

dannimad added 3 commits April 24, 2025 13:50

default trusted types policy

d6aa8e6

default to headers

0b8b7b0

remove console logs

023372b

Copilot AI review requested due to automatic review settings April 24, 2025 22:24

Copilot AI reviewed Apr 24, 2025

View reviewed changes

github-actions bot added area: website base: main PRs targeted against main branch labels Apr 24, 2025

format

b9747d9

Abe27342 approved these changes Apr 24, 2025

View reviewed changes

dannimad added 4 commits April 24, 2025 16:04

cjs

64103ee

ts

0f0629c

back to js

786008c

nit js

22ca899

dannimad enabled auto-merge (squash) April 25, 2025 21:09

Abe27342 approved these changes Apr 25, 2025

View reviewed changes

dannimad merged commit 64c4683 into main Apr 25, 2025
53 checks passed

dannimad deleted the default-ttm branch April 25, 2025 21:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add default trusted types policy #24455

Add default trusted types policy #24455

dannimad commented Apr 24, 2025

Copilot AI left a comment

Abe27342 left a comment

github-actions bot commented Apr 25, 2025

Add default trusted types policy #24455

Add default trusted types policy #24455

Conversation

dannimad commented Apr 24, 2025

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Abe27342 left a comment

Choose a reason for hiding this comment

github-actions bot commented Apr 25, 2025

linkcheck output