|
|
|
|
|
|
by Eli_P
2453 days ago
|
|
|
There's another issue with Unicode: the same string can be encoded in many ways, which affects at least collation. On server side I deal with it with normalization[1]. I'm sure I can do it on the client with js but that just doesn't feel right. While rendering unsafe content still can be useful, I think Google better off added trusted-types as a tag attribute for WebComponents, like per-component CSP, and not into CSP header. [1] https://docs.python.org/3/library/unicodedata.html#unicodeda... |
|
|