TypeError: attrValue.startsWith is not a function on Safe frontend when using Gateway in Chrome #53
Description
We're encountering a frontend runtime error when accessing the Safe web frontend through the Gateway service, but only in Chrome. Other browsers load the page without this issue. After debugging, the problem has been traced back to the injected script by Gateway that monkey-patches DOM attributes (e.g., src) for handling web3:// URLs.
Error Stack Trace (Chrome):
TypeError: attrValue.startsWith is not a function
at HTMLScriptElement.set [as src] ((index):121:24)
at d.l (webpack-64b37a80408c31da.js:1:5861)
at d.f.j (webpack-64b37a80408c31da.js:1:8212)
...
Caused by: React ErrorBoundary TypeError: attrValue.startsWith is not a function
Root Cause:
The following line in the injected script assumes that attrValue is always a string:
if (value.startsWith('web3://')) { ... }
However, attrValue can be non-string (e.g., functions), causing a TypeError in Chrome. This breaks the entire script execution.
Temporary Workaround:
Adding the following CSP meta tag in the HTML file allows the page to load successfully in Chrome:
<meta http-equiv="Content-Security-Policy"
content="default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;
connect-src 'self' https://safe-client.staging.5afe.dev w3link.io;
script-src-elem 'self' https://www.googletagmanager.com" />
However, this leads to broken functionality in some parts of the app.