Trusted-Types Helper

This is mainly to enable TamperMonkey to continue using scripts that have `@require` dependencies on sites with a restrictive `Trusted-Types` policy. At least until TM v4.14 comes out, the milestone has already been added: https://github.com/Tampermonkey/tampermonkey/issues/1334#event-5361683856 \n Make sure this script is executed before the `@require`ing of any dependencies

当前为 2021-09-27 提交的版本,查看 最新版本

如何安装

您需要先安装一款用户脚本管理器扩展,例如 Tampermonkey 篡改猴Greasemonkey 油猴子Violentmonkey 暴力猴,才能安装此脚本。

您需要先安装一款用户脚本管理器扩展,例如 Tampermonkey 篡改猴,才能安装此脚本。

您需要先安装一款用户脚本管理器扩展,例如 Tampermonkey 篡改猴Violentmonkey 暴力猴,才能安装此脚本。

您需要先安装一款用户脚本管理器扩展,例如 Tampermonkey 篡改猴Userscripts ,才能安装此脚本。

您需要先安装一款用户脚本管理器扩展,例如 Tampermonkey 篡改猴,才能安装此脚本。

您需要先安装一款用户脚本管理器扩展后才能安装此脚本。

(我已经安装了用户脚本管理器,让我安装!)

如何安装

您需要先安装一款用户样式管理器扩展,比如 Stylus,才能安装此样式。

您需要先安装一款用户样式管理器扩展,比如 Stylus,才能安装此样式。

您需要先安装一款用户样式管理器扩展,比如 Stylus,才能安装此样式。

您需要先安装一款用户样式管理器扩展后才能安装此样式。

您需要先安装一款用户样式管理器扩展后才能安装此样式。

您需要先安装一款用户样式管理器扩展后才能安装此样式。

(我已经安装了用户样式管理器,让我安装!) 

// ==UserScript==
// @name		Trusted-Types Helper
// @version		0.1.0
// @description	This is mainly to enable TamperMonkey to continue using scripts that have `@require` dependencies on sites with a restrictive `Trusted-Types` policy. At least until TM v4.14 comes out, the milestone has already been added: https://github.com/Tampermonkey/tampermonkey/issues/1334#event-5361683856 \n Make sure this script is executed before the `@require`ing of any dependencies
// @namespace	bp
// @author		Benjamin Philipp <dev [at - please don't spam] benjamin-philipp.com>
// @include		*
// @run-at		document-start
// @noframes
// @grant		none
// ==/UserScript==

// How to work with Trusted Types: https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API

// This is mainly to enable TamperMonkey to continue using scripts that have `@require` dependencies on sites with a restrictive `Trusted-Types` policy. At least until TM v4.14 comes out, the milestone has already been added: https://github.com/Tampermonkey/tampermonkey/issues/1334#event-5361683856
// Make sure this script is executed before the `@require`ing of any dependencies

// Although TT is still an experimental feature, Google seems quite keen to enforce it already, albeit half-assedly, where supported. Ugh! >.<
// Right now, Chrome (stable) doesn't allow appending of TrustedHTML like `element.innerHTML += someTrustedHTML`, but requires you to create an element first using trusted types for contents, which is a total PITA, and I don't mean bread. hopefully that'll change.

// This script provides pass-through policies to try to enable you to do what ever you want with the DOM, while trying not to disturb any defaults in place.
// Basically, if you have to create your own Trusted Types (e.g. TrustedHTML), and if the site's CSP allows for the creation of new policies, you can use a permissive policy to wrap your strings into a Trusted Type, like TrustedHTML, which the browser will then allow you to assign to the DOM.
// Best case scenario: The site has no default policy set. This allows us to specify our own, in which we can then allow everything (pass-through); this will restore all ability to modify the DOM.
// If we have to create a custom policy, all contents have to be piped through the relevant function of the TT Policy, like `TTP.createHTML("unsafe string contents")`, which will then return trusted contents.

const overwrite_default = false; // If a default policy already exists, it might be best not to overwrite it, but to try and set a custom policy and use it to manually generate trusted types. Try at your own risk
const prefix = GM_info.script.name;
var passThroughFunc = function(string, sink){
	return string; // Anything passing through this function will be returned without change
}
var TTPName = "passthrough";
var TTP_default = TTP = {createHTML: passThroughFunc, createScript: passThroughFunc, createScriptURL: passThroughFunc}; // We can use TTP.createHTML for all our assignments even if we don't need or even have Trusted Types; this should make fallbacks and polyfills easy
var needsTrustedHTML = false;
function doit(){
	try{
		if(typeof window.isSecureContext !== 'unfefined' && window.isSecureContext){
			if (window.trustedTypes && window.trustedTypes.createPolicy){
				needsTrustedHTML = true;
				if(trustedTypes.defaultPolicy){
					log("TT Default Policy exists");
					if(overwrite_default)
						TTP = window.trustedTypes.createPolicy("default", TTP);
					else
						TTP = window.trustedTypes.createPolicy(TTPName, TTP); // Is the default policy permissive enough? If it already exists, best not to overwrite it
					TTP_default = trustedTypes.defaultPolicy;
					
					log("Created custom passthrough policy, in case the default policy is too restrictive: Use Policy '" + TTPName + "' in var 'TTP':", TTP);
				}
				else{
					TTP_default = TTP = window.trustedTypes.createPolicy("default", TTP);
				}
				log("Trusted-Type Policies: TTP:", TTP, "TTP_default:", TTP_default);
			}
		}
	}catch(e){
		log(e);
	}
}

function log(...args){
	if("undefined" != typeof(prefix) && !!prefix)
		args = [prefix + ":", ...args];
	if("undefined" != typeof(debugging) && !!debugging)
		args = [...args, new Error().stack.replace(/^\s*(Error|Stack trace):?\n/gi, "").replace(/^([^\n]*\n)/, "\n")];
	console.log(...args);
}

doit();