Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: change
.innerHTML
to .textContent
for CSP compliance
I think we should use `textContent` to reduce CSP (Content Security Policy) requirements. If we add CSP `require-trusted-types-for 'script'`, then it blocks `innerHTML` unless it's `TrustedHTML`, however in the case of this lib's usage, we can simply replace the `innerHTML` with `textContent` which has the exact same effect and is more CSP compliant For reference, you can see this [PR](vitejs/vite#10801) on the Vite project, they've done the exact same code change.
- Loading branch information