Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Trusted Types #304

Closed
1 of 4 tasks
bjarkler opened this issue Aug 9, 2023 · 1 comment
Closed
1 of 4 tasks

Add support for Trusted Types #304

bjarkler opened this issue Aug 9, 2023 · 1 comment
Labels
enhancement

Comments

@bjarkler
Copy link

bjarkler commented Aug 9, 2023

Summary

I'm submitting a:

  • bug report
  • feature request
  • question / support request
  • other

Description

Trusted Types is a Content Security Policy feature that allows web application owners to guard against insecure usage of dangerous DOM APIs and prevent Cross-Site Scripting vulnerabilities. The default version of the reCAPTCHA library is not compatible with Trusted Types, but can be made compatible by adding &trustedtypes=true as a query parameter when loading the library.

Currently applications using ng-recaptcha cannot adopt Trusted Types because it doesn't seem possible to add that query parameter. To fix this I propose either always setting the parameter (there shouldn't be any downsides) or making it configurable as part of the ng-recaptcha interface.

I'd be happy to send a PR implementing this.
@DethAriel
Copy link
Owner

Hello @bjarkler! Thank you for submitting this, as well as providing the relevant documentation and code references!

This does indeed sound like a worthy addition with no visible downsides, so let me make this happen.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DethAriel @bjarkler