Skip to content
This repository was archived by the owner on Jul 25, 2022. It is now read-only.

avoid innerHTML in order to pass strict CSP-Header #107

Open
makrohard opened this issue Feb 6, 2021 · 2 comments
Open

avoid innerHTML in order to pass strict CSP-Header #107

makrohard opened this issue Feb 6, 2021 · 2 comments

Comments

@makrohard
Copy link

With a strict Content-Security-Policy Header: require-trusted-types-for 'script', the browser will not run scrollnav without a valid policy, because of the use of innerHTML. This can easily be replaced by appendChild.
@jimmynotjim
Copy link
Owner

Hey @makrohard really sorry about missing this, I don't get to work on this plugin much any more. I'm open to a PR if you have the time. Otherwise I'll try to get to it but no promises, my work and family life have unfortunately made it difficult to work on open source these days.

@makrohard
Copy link
Author

see #108

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jimmynotjim @makrohard