Trusted types violation in analytics/src/helpers.ts #7048
Description
Describe your environment
- Operating System version: any
- Browser version: Chrome
- Firebase SDK version: 8.3.1
- Firebase Product: Analytics
Describe the problem
Google Flutter web apps using Firebase plugins that rely on Firebase analytics JS are receiving browser error reports through the TrustedTypes browser APIs. Specifically, the script injection code in insertScriptTag is not adhering to the standards and is causing errors to be logged.
Steps to reproduce:
- Create an example app
- Enable trusted types enforcement, e.g. by adding:
<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'" /> - Load page, and look for errors in the JS console
A similar issue was reported and fixed in the FlutterFire plugin at firebase/flutterfire#10311 - it shows an example of adding a trusted types policy.
Also see internal Google issue b/265347604 for more details.