Closed clouser closed 3 years ago
I will check how many internal styles there are and why and get back to you.
My tests reveal that aside from the contextmenu plugin and the DND plugin, there are no inline styles (there is a worker too but that can be either part of the CSP or disabled). I may have missed something - let me know which plugins you use so that I can see what is wrong.
Hello. I have a requirement to add the following Content Security Policy mega tag to my application, but when I do I see errors in the browser console because the jsTree plugin uses inline styles. Are there any plans to remove inline styles from the plugin so applications can use CSP without the need to add unsafe-inline into their CSP tag?
<meta http-equiv="Content-Security-Policy" content="script-src 'self'; style-src 'self';">