sibiraj-s / ngx-editor

🖋️ Rich Text Editor for angular using ProseMirror
https://sibiraj-s.github.io/ngx-editor/
MIT License

[Bug]: Some formatting functions will result in CSP exceptions #504

Closed gs-scooter closed 3 months ago

gs-scooter commented 6 months ago

What happened?

When using the editor within an Angular component, a content security policy exception is thrown in the browser if any of these functions are chosen in the editor:

The issue is that attempting any of these functions will try to add a style attribute to a DOM element. The CSP exception will then break functionality.

Version

v16.0.1

Angular Version

v16.2.2

What browsers are you seeing the problem on?

Chrome

Link to reproduce

No response

Relevant log output

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-XXXXXXXXX' fonts.googleapis.com cdnjs.cloudflare.com". Either the 'unsafe-inline' keyword, a hash ('sha256-C8oNnV7QJNwOdkv12C9sTrLv3O9tgEE8jtcA5AQhZ+0='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

Willing to submit a PR?

No

sibiraj-s commented 3 months ago

Sorry for the delayed reply.

Some styles are inlined by ProseMirror. I guess unsafe inline has to be allowed and there are no workarounds for this.
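As an added example (not part of the issue thread, and not ngx-editor or ProseMirror code), the sketch below evaluates how a policy treats inline `style` attributes under the CSP Level 3 rules: `style-src-attr` falls back to `style-src` and then `default-src`, and a nonce or hash in the governing list makes `'unsafe-inline'` ignored. The function names and the two variant policies are constructed for comparison, and a browser that implements `style-src-attr` is assumed.

```javascript
// Added example: does a CSP permit arbitrary inline style attributes
// (what the editor's formatting commands set)? Follows CSP Level 3 rules.

// Parse a policy string into a Map of directive name -> source expressions.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

const NONCE_OR_HASH = /^'(nonce-|sha(256|384|512)-)[^']+'$/i;

// Hypothetical helper: reports whether arbitrary style attributes are allowed.
function styleAttributeVerdict(policy) {
  const directives = parsePolicy(policy);
  // Style attributes: style-src-attr, then style-src, then default-src.
  const name = ['style-src-attr', 'style-src', 'default-src']
    .find((d) => directives.has(d));
  if (!name) return { allowed: true, directive: null, reason: 'no governing directive' };
  const sources = directives.get(name);
  if (sources.some((s) => NONCE_OR_HASH.test(s))) {
    // Nonces never apply to attributes, and hashes need 'unsafe-hashes',
    // which cannot cover style values an editor generates at runtime.
    return { allowed: false, directive: name,
      reason: "nonce/hash present, so 'unsafe-inline' is ignored" };
  }
  const inline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  return { allowed: inline, directive: name,
    reason: inline ? "'unsafe-inline'" : "no 'unsafe-inline'" };
}

// Policy from the log output above (the nonce is the page's placeholder).
const REPORTED = "style-src 'self' 'nonce-XXXXXXXXX' fonts.googleapis.com cdnjs.cloudflare.com";
// Constructed variants for comparison.
const VARIANTS = {
  reported: REPORTED,
  inlineAddedToStyleSrc: REPORTED.replace("'self'", "'self' 'unsafe-inline'"),
  attrOnly: REPORTED + "; style-src-attr 'unsafe-inline'",
};
for (const [label, policy] of Object.entries(VARIANTS)) {
  console.log(label, styleAttributeVerdict(policy));
}
```

Scoping the relaxation to `style-src-attr` leaves the nonce requirement in place for `<style>` elements and stylesheets, which stay governed by `style-src`.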
