Javascript inline style CSP violation
I'm currently implementing CSP in our Rails application, we use a library called SplitText VERSION: 0.6.1 from https://greensock.com/SplitText/ and I'm having some issues.
The code from this library is in a .js file and it's imported and used by other components.
Is there a way of using a nonce for local imported libraries similar to what is applied to script tags when loading remote sources?
Or is it possible to ignore CSP violations coming from a specific file?
I don't want to use unsafe-inline
The SplitText vendor informed us that they use this pattern for performance reasons and have no intention of modifying this behaviour. https://greensock.com/forums/topic/34053-splittext-inline-style-content-security-policy-violation
Here's a good explanation of why this javascript violates the inline-style rule "inline-style"-Error with Content Security Policy and Javascript and how it could be prevented.
The way we can work around this issue is to use the unsafe-hashes header with the respective sha256 hash.
- Chunk downloading of the big files right to the hard drive
- My custom CSS transition animation is not working on hover after I added AOS JS library
- how to get the Google analytics client ID
- Toggle vue-multiselect close/open on button click
- Best way to filter an objects's properties for data
- Passing function with arguments as a prop and invoking it internally in React
- Outlook calendar don't render with FullCalendar
- Is there a way to validate and allow only https url's using .isUri i.e. without using Regex in JavaScript?
- How to clear react native webview cookies?
- Skipping a test in Cypress conditionally
- How can I get all the HTML in a document or node containing shadowRoot elements
- Typescript: No index signature with a parameter of type 'string' was found on type '{ "A": string; }
- Retain Twitter Bootstrap Collapse state on Page refresh/Navigation
- How to get "Results per Row" (from a 'clicked entry' off a "dropdown menu") to show up correctly?
- Is there is a C# function which is similar to .Map() in JavaScript?
- How to trigger SVG render same as manual DOM edit in Chrome using JS?
- How do I test a Node.JS Script that is not a module and runs as soon as it's called?
- Set element width based on a string that is not in the element
- Testing JavaScript Written for the Browser in Node JS
- Where are the trailing commas coming from in these radio buttons?
- How to verify a signature from the Phantom wallet?
- How to get the value of a Google Chrome flag using Javascript
- event.preventDefault cannot block clipboard paste in chatgpt.com prompt box
- Should I use ref or findDOMNode to get react root dom node of an element?
- Disable button for 5 seconds with different label and change after it
- JavaScript - Get all but last item in array
- React-Redux: Should all component states be kept in Redux Store
- Is it possible to use Closure Compiler ADVANCED_OPTIMIZATIONS with jQuery?
- Capture selected option returns not defined instead
- Uncaught TypeError: matchExpr[type].exec is not a function