Scriptlets icon indicating copy to clipboard operation
Scriptlets copied to clipboard
verified publisher icon AdguardTeam

Improve 'trusted-create-element' — add 'trusted-types' policy

Open AdamWr opened this issue 6 months ago • 0 comments

Similar to https://github.com/AdguardTeam/Scriptlets/issues/457 but about trusted-create-element.

Steps to reproduce:

  1. Add this rule:
youtube.com#%#//scriptlet('trusted-create-element', 'head', 'script', '', 'alert(1)')
  1. Go to - https://www.youtube.com/

Alert message should be displayed but adding a script is blocked by Trusted Types.

Screenshot

Image

Adding trustedTypes.createPolicy to scriptlet probably should fixes it.

Issue occurs in Chromium based browsers but doesn't occur in Firefox because it doesn't support Trusted Types API.

AdamWr avatar Jun 16 '25 11:06 AdamWr