To harden an app's content security policy, one may need to pass a nonce to the <style> tag to whitelist that inline style for strict CSP policies; this app just hardcodes a <style> tag with no nonce so it doesn't allow providing one. Would be great if that weren't the case!
To harden an app's content security policy, one may need to pass a
nonce
to the<style>
tag to whitelist that inline style for strict CSP policies; this app just hardcodes a<style>
tag with no nonce so it doesn't allow providing one. Would be great if that weren't the case!