You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
document.addEventListener("DOMContentLoaded", () => {
// For CSP headers we can't use inline styles, so have to do this work around
// https://github.com/bnomei/kirby3-security-headers/issues/4
// NOTE: json string needs " so wrap in '.
// <div id="special" data-style='{ "backgroundColor": "#8EE", "fontSize": 28 }'>...</div>
const elements = document.querySelectorAll("[data-style]");
// Loop through the selected elements
elements.forEach((ele) => {
const data = ele.getAttribute("data-style");
if (data !== null && data.length > 0) {
const style = JSON.parse(data);
// Apply the inline styles to the element
for (const prop in style) {
if (Object.hasOwnProperty.call(style, prop)) {
ele.style[prop] = style[prop];
}
}
}
});
Question
With default setup my style attributes are rejected. how to fix this?
Answer 1
Create a custom snippet and allow unsafe inline. Not a very good idea.
Answer 2
Use CSS Object Model (CSSOM) to set style. Do this by storing at a
data
-attribute and apply with jQuery/Zepto.https://stackoverflow.com/questions/24713440/banned-inline-style-csp-and-dynamic-positioning-of-html-elements/29089970#29089970
json string in data attr
NOTE: json string needs
"
so wrap in'
.jquery/zepto
https://api.jquery.com/css/#css-properties
https://zeptojs.com/#css
The text was updated successfully, but these errors were encountered: