Trusted Types CSP

[jkubiszewski]

Bug description

I'm trying to use a CSP rule with trusted-types and I have an error that I'm not able to fix with angular-fontawesome.

angular-fontawesome should support for the Trusted Types API so that it can be seamlessly integrated into applications that enforce trusted types for all DOM XSS injection sinks (such as innerHTML setters) via the require-trusted-types-for CSP directive. Trusted Types are now fully supported in major browsers such as Chrome and Edge.

I initially reported the error in angular-fontawesome, but was redirected here.

Reproducible test case

https://stackblitz.com/edit/stackblitz-starters-b8bgja?file=src%2Fmain.ts

Screenshots

Font Awesome version

v6.4.2

Serving

Other (as specified in the bug description)

Implementation

Other (as specified in the bug description)

Browser and Operating System

• Chrome 119 on Windows 11
• and any other possible

Web bug report checklist

• I have included a test case because my odds go way up that the team can fix this when I do
• I have searched for existing issues and to the best of my knowledge this is not a duplicate

[chris-putnam]

I ran into this same issue as well.

I tried adding trusted-types angular angular#bundler angular#unsafe-bypass; require-trusted-types-for 'script'; to my CSP but the error persisted

[robmadole]

Okay. We'll add this to the list but I will say that this is not likely to change as part of version 6 of Font Awesome. I'm also going to change this to a feature request instead of a bug.