search

myforce / angularjs-dropdown-multiselect

AngularJS Dropdown Multiselect
http://myforce.github.io/angularjs-dropdown-multiselect/
MIT License
34 stars 28 forks source link

Style warning when using content security policy (CSP) #9

Closed TomJahncke closed 8 years ago

TomJahncke commented 8 years ago

Thank you for branching this libraries and continuing to keep it current.

My application is using content security policy (CSP). With CSP I have it setup to prevent inline CSS styles. This library in-lines two styles. (line 33: style="overflow: auto", line 39: style="width: 100%;")

The warning that is produced in the console log (Chrome) is: {code} angular.min.js:190 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-N6tSydZ64AHCaOWfwKbUhxXx2fRFDxHOaL3e3CO7GPI='), or a nonce ('nonce-...') is required to enable inline execution. {code}

I will attach a simple application that demonstrates this issue.

TomJahncke commented 8 years ago

multi-select-csp-issue.zip

pkempenaers commented 8 years ago

Hi,

I've fixed this. The fix is included in versions: 1.8.1, 1.7.2, 1.6.1, 1.5.1, 1.4.2, 1.3.10, 1.2.8, 1.1.6 (and up)

TomJahncke commented 8 years ago

Thank you so much for the fix and an amazing fast turnaround. I am now using version 1.8.1 and my issue has been addressed.