Critical Script tags being contributed on Web UI bundles loaded as ES modules are not executed. This happens because the HTML is loaded as a string and then inserted to the innerHTML of a template. However, according to the docs:
Although this may look like a cross-site scripting attack, the result is harmless. HTML5 specifies that a <script> tag inserted with innerHTML should not execute.
We should look for alternatives to fix this. For example, the HTML imports polyfill clones every script and appends it again to the header to make them run (see code).
- depends on
-
ELEMENTS-1289 Introduce helper to load inline HTML
-
- Resolved
-
- Is referenced in
(2 Is referenced in)
