I'm building an extension for Google Chat that I want to use to generate my own auto-replies instead of using the built-in suggested auto-replies. However, I seem to be running into an issue. Due to problems with XSS vulnerabilities, my environment seems to be blocking me.
    // Await the response from the API upon button click
    async function handleClick() {
      let textInput = document.getElementById("T2Ybvb0"); // chat bar
      const regex = /.*/i;
      const htmlPolicy = trustedTypes.createPolicy("textChange", {
        createHTML: (string) => string.replace(regex, "Test Google Chat injection"),
      });
      const trustedHTML = htmlPolicy.createHTML("<p>I love scrambled eggs!</p>");
      console.log(trustedHTML instanceof TrustedHTML);
      textInput.innerHTML = trustedHTML;
      console.log(textInput);
    }
The above code is what I'm using to test a text replacement in the chat bar. trustedHTML returns true as being a type of TrustedHTML, but I still can't seem to assign it to the innerHTML of textInput. Any suggestions? I was looking into DOMPurify, but I'm not exactly sure how to get it working with an import statement.
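
An added example, not part of the original post and not Google Chat's actual configuration: a page enforces Trusted Types through two CSP directives, require-trusted-types-for and trusted-types, and the second can restrict which policy names createPolicy accepts. The sketch below checks a CSP header value against a policy name; the function names and header strings are constructed for illustration, and only an enforced (not report-only) header is considered.

```javascript
// Parse a Content-Security-Policy header value into a directive -> tokens map.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report how the Trusted Types settings in a CSP treat a given policy name.
function checkTrustedTypes(headerValue, policyName) {
  const csp = parseCsp(headerValue);
  // require-trusted-types-for 'script' makes sinks such as innerHTML
  // reject plain strings.
  const sinksEnforced =
    (csp.get("require-trusted-types-for") || []).includes("'script'");
  const allowlist = csp.get("trusted-types");
  let policyAllowed = true; // no trusted-types directive: any name may be created
  let duplicatesAllowed = true;
  if (allowlist !== undefined) {
    // Quoted tokens ('none', 'allow-duplicates') are keywords, not names.
    const names = allowlist.filter((t) => !t.startsWith("'"));
    // An empty list or a lone 'none' permits no policy at all.
    policyAllowed = names.includes("*") || names.includes(policyName);
    duplicatesAllowed = allowlist.includes("'allow-duplicates'");
  }
  return { sinksEnforced, policyAllowed, duplicatesAllowed };
}

// Constructed header value for demonstration.
const sampleCsp =
  "script-src 'self'; require-trusted-types-for 'script'; " +
  "trusted-types appPolicy dompurify";
console.log(checkTrustedTypes(sampleCsp, "textChange"));
console.log(checkTrustedTypes(sampleCsp, "dompurify"));
```

When policyAllowed is false for a name, the browser refuses to create a policy with that name on a page serving that CSP.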