[Bug]: Needs to replace HTML into TrustedHTML in elementFromString function.

[rafaelhovhannisyan24]

Affected Packages

core

Version(s)

2.6.6

Bug Description

const policy = window.trustedTypes.createPolicy('tiptap', {
createHTML: (input) => input,
createScript: (input) => input,
createScriptURL: (input) => input,
});

export function elementFromString(value: string): HTMLElement {
// add a wrapper to preserve leading and trailing whitespace
const wrappedValue = policy.createHTML(<body>${value}</body>)

const html = new window.DOMParser().parseFromString(wrappedValue, 'text/html').body

return removeWhitespaces(html)
}

Browser Used

Chrome

Code Example URL

No response

Expected Behavior

While using it on platform which has Trusted Types security concerns, Tiptap throughs following issue:

index.js:60354 This document requires 'TrustedHTML' assignment.

TypeError: Failed to execute 'parseFromString' on 'DOMParser': This document requires 'TrustedHTML' assignment. at elementFromString

Additional Context (Optional)

No response

Dependency Updates

• Yes, I've updated all my dependencies.

[rafaelhovhannisyan24]

Also in VueJS there is an update referring to issue described:

runtime-dom: Trusted Types compatibility 3.5.0-beta.1

[nperez0111]

I'm not familiar with this web API and it looks to be non-standard. So I'm unsure that we really need to support it.

It also is unclear what you want to do and what you would want changed

[rafaelhovhannisyan24]

https://developer.chrome.com/blog/trusted-types-on-youtube

https://web.dev/articles/trusted-types#fix_the_violations

[nperez0111]

This would need to be changed by prosemirror, our base library.

This looks like a lot of work to implement, I have no plans on supporting this at this time unless it is actually supported by other browsers.

[rafaelhovhannisyan24]

TipTap doesn't work in environments where a Trusted Types policy is enforced. It has nothing to do with browser support.

[nperez0111]

If it isn't implemented by other browsers, it does have to do with browser support.

If this is a requirement for you, feel free to contribute a PR for it. But I don't think that this is an issue with Tiptap so much as chrome making up APIs

[nperez0111]

It is also only a draft W3C spec, so I'm not going to spend the time on a non web standard just because you ask for it

[rafaelhovhannisyan24]

#5561. I fixed it. I didn't take much time to fix. I guess there will be some code clean up. Hope you'll do that easily.

[llusinepetrosyan]

@nperez0111 I also had same issue and seems @rafaelhovhannisyan24(thank you) fixed it on this pr - #5561
Can we speed up review/merge process please @nperez0111 ?