fix(trusted-types): Use 'trusted-types/lib' #1073
Conversation
donmccurdy
changed the title
There was a problem hiding this comment.
This breaks the reproduction provided here:
#1035 (comment)
- Extract the archive.
npm inpm i @ngstack/translate- Edit
node_modules/dompurify/dist/purify.es.d.mtsto referencetrusted-types/libinstead oftrusted-types. npm run build:app
Error: node_modules/dompurify/dist/purify.es.d.mts:171:28 - error TS2304: Cannot find name 'TrustedTypePolicy'.
171 TRUSTED_TYPES_POLICY?: TrustedTypePolicy | undefined;
~~~~~~~~~~~~~~~~~
Error: node_modules/dompurify/dist/purify.es.d.mts:246:9 - error TS2304: Cannot find name 'TrustedHTML'.
246 }): TrustedHTML;
~~~~~~~~~~~
Error: node_modules/dompurify/dist/purify.es.d.mts:436:34 - error TS2339: Property 'trustedTypes' does not exist on type 'Window & typeof globalThis'.
436 trustedTypes?: typeof window.trustedTypes;
~~~~~~~~~~~~
|
cc @donmccurdy pretty please, and thank you, @reduckted |
|
Thanks @reduckted! Will have a look at this in the next few days. |
|
If we replace the triple-slash directive with this import in import type { TrustedHTML, TrustedTypePolicy, TrustedTypePolicyFactory } from 'trusted-types/lib';
...
type WindowLike = Pick<typeof globalThis, 'DocumentFragment' | 'HTMLTemplateElement' | 'Node' | 'Element' | 'NodeFilter' | 'NamedNodeMap' | 'HTMLFormElement' | 'DOMParser'> & {
...
trustedTypes?: TrustedTypePolicyFactory;
};... the reproduction above is fixed, as well as the issue described in my PR description above. I expect that we don't need the triple-slash directive for ESM code, and this is inside the Would it be reasonable to use triple-slash directives from |
|
@donmccurdy I think you've found the solution. I've created #1075 to assist with verifying the changes to the type declarations. I think we can even go one step better than modifying the type declarations as a post-build step, and instead actually import from In import type { TrustedTypePolicy } from 'trusted-types/lib';And in import type { TrustedHTML, TrustedTypesWindow } from 'trusted-types/lib';and change the @@ -2006,5 +2007,4 @@ export type WindowLike = Pick<
> & {
document?: Document;
MozNamedAttrMap?: typeof window.NamedNodeMap;
- trustedTypes?: typeof window.trustedTypes;
-};
+} & Pick<TrustedTypesWindow, 'trustedTypes'>;The import { TrustedTypePolicy, TrustedHTML, TrustedTypesWindow } from 'trusted-types/lib';and the same import appears in |
donmccurdy
force-pushed
the
fix/trusted-types-lib
branch
from
1749ce3 to
768ce79
Compare
|
@reduckted those test cases are an awesome addition, thank you! I've updated this PR to use ESM type imports in the source files as you suggested, and removed the |
|
Thanks everyone :) |
Summary
Replaces 'trusted-types' import with 'trusted-type/lib', as described at https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/trusted-types#library-usage.
Background & Context
In a private project (apologies, I've so far been unable to reproduce the issue in a standalone example) I'm seeing seemingly-unrelated errors from TypeScript after updating to dompurify@v3. The errors all seem related to Redux usage. For example:
It's not obvious to me how trusted-types would affect Redux or other types, but the only two ways I've found to avoid the error were to (1) make this change to dompurify, or (2) to use
package.json#resolutionsto point to a non-existent folder and prevent the installation of@type/trusted-typesin the first place. While@type/trusted-typesis an optional dependency, Yarn currently doesn't provide a real way to prevent installation of a specific optional dependency.Tasks
I've tested this in my own project with
yarn link, and it worked well, but I don't know what "compilation errors for certain configurations" refers to infix-types.js, so perhaps some testing is needed to make sure my changes do not cause those same errors?Thanks!