From 165f50e9e3c29e377d6b7dd4985a7469963c124e Mon Sep 17 00:00:00 2001
From: David Iglesias Teixeira <ditman@gmail.com>
Date: Fri, 12 Jan 2024 18:13:31 -0800
Subject: [PATCH] [web] Leave blob URLs untouched in TT policy.

---
 lib/web_ui/flutter_js/src/trusted_types.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/web_ui/flutter_js/src/trusted_types.js b/lib/web_ui/flutter_js/src/trusted_types.js
index 76db604dbaf17..eeeef9a1ba16d 100644
--- a/lib/web_ui/flutter_js/src/trusted_types.js
+++ b/lib/web_ui/flutter_js/src/trusted_types.js
@@ -20,6 +20,11 @@ export class FlutterTrustedTypesPolicy {
     if (window.trustedTypes) {
       this.policy = trustedTypes.createPolicy(policyName, {
         createScriptURL: function (url) {
+          // Return blob urls without manipulating them
+          if (url.startsWith('blob:')) {
+            return url;
+          }
+          // Validate other urls
           const parsed = new URL(url, window.location);
           const file = parsed.pathname.split("/").pop();
           const matches = patterns.some((pattern) => pattern.test(file));