Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setting innerHTML of <style> elements will cause issues with trusted types #3117

Open
terrymun opened this issue Sep 11, 2024 · 0 comments
Open

Setting innerHTML of <style> elements will cause issues with trusted types #3117

terrymun opened this issue Sep 11, 2024 · 0 comments

Comments

@terrymun
Copy link

Bug report

Current Behavior

There are several Radix UI Primitives that rely on dangerouslySetInnerHtml to inject content into <style> tags, for example the <ScrollArea> (see code) and <Select> (see code) components.

This causes issues in React apps that has set trusted types in their CSP headers.

p/s: Not all browsers support the trusted types CSP header yet.

Expected behavior

Using these components should not cause warnings in browsers that support trusted types CSP headers serving a React App with such headers set.

Suggested solution

  • Find alternatives to using dangerouslySetInnerHtml to set inline styles
  • Use DOMPurify (but that comes at a cost of using a very heavy library)

Your environment

Software Name(s) Version
Radix Package(s) @radix-ui/react-scroll-area, @radix-ui/react-select Latest on both
React n/a 19 (via Next.js)
Browser Chrome 128
Assistive tech n/a n/a
Node n/a 20.14.0
pnpm n/a 9.10.0
Operating System macOS Sonoma (14.6.1)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@terrymun