DataTables
Advanced interaction
features for your tables.
Editor
Comprehensive editing
library for DataTables.
Manual
Download
Show site navigation

Inline HTML violating CSP

Inline HTML violating CSP

srosamsrosam Posts: 2Questions: 1Answers: 0
in Free community support

in _fnApplyToChildren there is a style being applied to a div that's generated in the javascript.

style="height:0;overflow:hidden;"

height 0 and overflow hidden are also set in the dataTables_sizing CSS class.

Are both needed?

I have removed the in-line ones to stop the CSP errors however can anyone tell me if the inline ones are actually needed?

Thanks.

Answers

  • allanallan Posts: 63,872Questions: 1Answers: 10,527 Site admin

    Forgive my ignorance, what is CSP?

    Allan

  • srosamsrosam Posts: 2Questions: 1Answers: 0

    no problem. im new to it too.. its Content Security Policy

    Helps to prevent cross site scripting attacks (XSS)

    https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

  • allanallan Posts: 63,872Questions: 1Answers: 10,527 Site admin

    Thanks for the link. I'm not quite clear on how the inline styles trigger any issues with it though?

    The style you mention is used to ensure that the styling required for scrolling is applied. It could be done in a stylesheet for certain - but this was a way to make sure that it did happen since it is required for correct rendering (at least in some browsers!).

    Allan

This discussion has been closed.

DataTables

DataTables designed and created by SpryMedia Ltd.
© 2007-2023 MIT licensed. Privacy policy. Supporters.
SpryMedia Ltd is registered in Scotland, company no. SC456502.