Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FAQ] Inline Style-attribute rejected #4

Open
bnomei opened this issue Aug 28, 2018 · 2 comments
Open

[FAQ] Inline Style-attribute rejected #4

bnomei opened this issue Aug 28, 2018 · 2 comments
Assignees
@bnomei
Labels
FAQ

Comments

@bnomei
Copy link
Owner

bnomei commented Aug 28, 2018
edited
Loading

Question
With default setup my style attributes are rejected. how to fix this?

Answer 1
Create a custom snippet and allow unsafe inline. Not a very good idea.

Answer 2
Use CSS Object Model (CSSOM) to set style. Do this by storing at adata-attribute and apply with jQuery/Zepto.
https://stackoverflow.com/questions/24713440/banned-inline-style-csp-and-dynamic-positioning-of-html-elements/29089970#29089970

json string in data attr
NOTE: json string needs " so wrap in '.

<div id="special" data-style='{ "backgroundColor": "#8EE", "fontSize": 28 }'>...</div>

jquery/zepto
https://api.jquery.com/css/#css-properties
https://zeptojs.com/#css

var specialStyle = JSON.parse($('#special').attr('data-style'));
elem.css(specialStyle);
$('[data-style]').each(function (idx, ele) {
  let data = $(ele).attr('data-style')
  if (data !== undefined && data.length > 0) {
    let style = JSON.parse(data)
    $(ele).css(style)
  }
})
@bnomei bnomei added wontfix This will not be worked on FAQ labels Aug 28, 2018
@bnomei bnomei self-assigned this Dec 7, 2018
@bnomei bnomei changed the title [FAQ] style attribute rejected [FAQ] Style-attribute rejected Dec 7, 2018
@bnomei bnomei changed the title [FAQ] Style-attribute rejected [FAQ] Inline Style-attribute rejected Feb 9, 2020
@bnomei
Copy link
Owner Author

bnomei commented Apr 4, 2020

or with alpine.js
x-data="{color: 'red'}" x-init="$el.style.color = color"

@bnomei bnomei removed the wontfix This will not be worked on label Feb 12, 2022
@Joobs
Copy link

Joobs commented Oct 18, 2023

This is the JS snippet I used:

document.addEventListener("DOMContentLoaded", () => {

  // For CSP headers we can't use inline styles, so have to do this work around
  // https://github.com/bnomei/kirby3-security-headers/issues/4
  // NOTE: json string needs " so wrap in '.
  // <div id="special" data-style='{ "backgroundColor": "#8EE", "fontSize": 28 }'>...</div>
  
  const elements = document.querySelectorAll("[data-style]");

  // Loop through the selected elements
  elements.forEach((ele) => {
    const data = ele.getAttribute("data-style");

    if (data !== null && data.length > 0) {
      const style = JSON.parse(data);

      // Apply the inline styles to the element
      for (const prop in style) {
        if (Object.hasOwnProperty.call(style, prop)) {
          ele.style[prop] = style[prop];
        }
      }
    }
  });

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bnomei bnomei

Labels
FAQ
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Joobs @bnomei