Inline javascript code generated not compliant with CSP

  • Resolved alantansna

    (@alantansna)


    2 years ago

    Once the form is embedded as a shortcode, it generates many <script> tags on the body with template html in the body.

    eg. <script id=”tmpl-nf-layout” type=”text/template”>…</script>

    The only way around this is to include ‘unsafe-eval’ in the CSP to prevent errors.

    Will the developer be optimizing the code-base to be CSP friendly and omit:
    – Inline scripts tags
    – Inline script blocks for template codes
    and provide avenues for optmization like, allow user to define:
    – NONCE tags in all script tags generated by Ninja Forms

  • The topic ‘Inline javascript code generated not compliant with CSP’ is closed to new replies.