CKEditor5 Violates Content Security Policy Due to Inline Styles #16359
Labels
resolution:duplicate
This issue is a duplicate of another issue and was merged into it.
type:bug
This issue reports a buggy (incorrect) behavior.
📝 Provide detailed reproduction steps (if any)
Getting console error for CSP when below meta tags are included in html.
#
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self'; style-src 'self'; " />
When trying to upload image, copy paste formatted text etc
✔️ Expected result
No error should be there
❌ Actual result
error on console.
❓ Possible solution
Can we have flag to turn on / off csp. If CSP is turned on features that doesn't support CSP should not be active.
📃 Other details
[
Alignment,
Autoformat,
BlockQuote,
Bold,
Copy,
Cut,
DefaultFont,
Essentials,
FindAndReplace,
Font,
FontBackgroundColor,
FontColor,
FontFamily,
FontSize,
FormatPainter,
GeneralHtmlSupport,
Heading,
HorizontalLine,
Image,
ImageCaption,
ImageInsert,
ImageStyle,
ImageUpload,
Indent,
IndentBlock,
Italic,
Link,
List,
Maximize,
Paragraph,
PasteBase64,
PasteFromOffice,
PasteFromOfficeEnhanced,
PasteHandler,
Paste,
Preview,
RemoveFormat,
SelectAll,
SpecialCharacters,
SpecialCharactersArrows,
SpecialCharactersCurrency,
SpecialCharactersEssentials,
SpecialCharactersLatin,
SpecialCharactersMathematical,
SpecialCharactersText,
Strikethrough,
Subscript,
Superscript,
Table,
TableCellProperties,
TableColumnResize,
TableProperties,
TableToolbar,
TextTransformation,
Underline
];
If you'd like to see this fixed sooner, add a 👍 reaction to this post.
The text was updated successfully, but these errors were encountered: