Following the suggestions here, we’ve updated our site’s Content Security Policy (CSP) to allow the email protection, specifically script-src 'self' 'unsafe-inline' for the Scrape Shield feature. We’ve already been using nonce values throughout.
Seems odd that ‘unsafe-inline’ is the suggested fix for this feature, while later in the same article the use of this attribute is discouraged.
Anywhoo, our Chrome browsers are throwing this block now:
TypeError: Failed to set the ‘innerHTML’ property on ‘Element’: This document requires ‘TrustedHTML’ assignment.
at t (email-decode.min.js:1:175)
at n (email-decode.min.js:1:480)
at c (email-decode.min.js:1:611)
at i (email-decode.min.js:1:974)
at email-decode.min.js:1:1108
at email-decode.min.js:1:1236
Here’s information on the reason and source of the message and JS block event.
Can anyone explain how to circumnavigate this problem and continue using the email protection feature?
Thanks, Al