From fa7c4b0169164610aabe6cc2800d59645007f091 Mon Sep 17 00:00:00 2001
From: Andy Weiss
Date: Fri, 9 Sep 2022 10:40:25 -0400
Subject: [PATCH] Fix require-trusted-types-for
---
 .changeset/yellow-apricots-tan.md | 5 +++++
 packages/builder/src/builder.spec.ts | 6 ++++++
 packages/builder/src/builder.ts | 6 +++---
 packages/builder/src/utils.ts | 1 +
 4 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 .changeset/yellow-apricots-tan.md
diff --git a/.changeset/yellow-apricots-tan.md b/.changeset/yellow-apricots-tan.md
new file mode 100644
index 0000000..d012727
--- /dev/null
+++ b/.changeset/yellow-apricots-tan.md
@@ -0,0 +1,5 @@
+---
+"@strict-csp/builder": patch
+---
+
+Make require-trusted-types-for produce a valid header
diff --git a/packages/builder/src/builder.spec.ts b/packages/builder/src/builder.spec.ts
index 2d41ca1..0303b5e 100644
--- a/packages/builder/src/builder.spec.ts
+++ b/packages/builder/src/builder.spec.ts
@@ -99,4 +99,10 @@ describe("CSP Builder", () => {
 const expectBuilder = new CspBuilder().withStrictDynamic(hashes);
 expect(expectBuilder.csp()).toEqual(fixtureBuilder.csp());
 });
+
+ it("can quotes script in require-trusted-types-for correctly", () => {
+ const fixtureBuilder = new CspBuilder(`require-trusted-types-for 'script';`);
+ const expectBuilder = new CspBuilder().withDirectives({"require-trusted-types-for": ["script"]});
+ expect(expectBuilder.toString()).toEqual(fixtureBuilder.toString());
+ });
 });
diff --git a/packages/builder/src/builder.ts b/packages/builder/src/builder.ts
index 9c0e549..3d780d3 100644
--- a/packages/builder/src/builder.ts
+++ b/packages/builder/src/builder.ts
@@ -41,7 +41,7 @@ export class CspBuilder {
 const isCspHeader = param[0] === CSP_HEADER;
 const isCspReportOnlyHeader = param[0] === CSP_HEADER_REPORT_ONLY;
 if (!(isCspHeader || isCspReportOnlyHeader)) {
- this._csp = empty;
+ this._csp = {...empty};
 } else {
 this._csp = {
 directives: fromCspContent(param[1]),
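Review bot: The new test at the end of the `describe` block compares two builders with each other rather than with the expected header text, so it would still pass if the string-parsing path and `withDirectives` both serialised the keyword in the same wrong way. The changeset describes the unquoted form as an invalid header, and a browser that does not recognise the value will not enforce Trusted Types, so the literal output is worth pinning too: `expect(expectBuilder.toString()).toContain("require-trusted-types-for 'script'");`. The title would also read better as `"quotes script in require-trusted-types-for"`.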
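Review bot: `{...empty}` in this hunk, and again in the hunks at `@@ -58,7` and `@@ -212,7`, is a shallow copy, so any nested object inside `empty` is still shared by every `CspBuilder` instance. The definition of `empty` is outside these hunks; if it carries a `directives` object, as the `directives:` key a few lines further down suggests, a directive added through one builder could still appear in the policy another builder emits. Copying the nested object as well, e.g. `this._csp = { ...empty, directives: { ...empty.directives } };`, or creating the empty state from a small factory function, would close that gap. A spec that mutates one builder and then asserts that a fresh `new CspBuilder()` is still empty would pin the fix; the constructor body starts above this hunk and continues past it.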
@@ -58,7 +58,7 @@ export class CspBuilder {
 };
 }
 } else {
- this._csp = empty;
+ this._csp = {...empty};
 }
 }
 
@@ -212,7 +212,7 @@ export class CspBuilder {
 }
 
 public reset() {
- this._csp = empty;
+ this._csp = {...empty};
 }
 
 public isEmpty() {
diff --git a/packages/builder/src/utils.ts b/packages/builder/src/utils.ts
index fbeff1f..fe53994 100644
--- a/packages/builder/src/utils.ts
+++ b/packages/builder/src/utils.ts
@@ -19,6 +19,7 @@ const singleQuotify = (directiveValue: string) => `'${directiveValue}'`;
 
 const isLiteralDirectiveValue = (directiveValue: string) => {
 const c1 = [
+ "script",
 "strict-dynamic",
 "report-sample",
 "self",
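Review bot: `isLiteralDirectiveValue` takes only the value, so adding `"script"` to `c1` means that string is single-quoted under every directive, not just `require-trusted-types-for`, the one place where it is a keyword. As far as this hunk shows, a single-label host source `script` listed under, say, `script-src` would now be emitted as `'script'`; passing the directive name into the check would avoid that. At minimum, a comment above the new entry such as `// keyword of require-trusted-types-for (Trusted Types sink group)` would explain why it sits among the source keywords. The array and the function body continue past the end of the hunk.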