Hi,
I'm currently using element-resize-detector in a project that has strict Content Security Policy (CSP) requirements. I've encountered an issue with the injectScrollStyle method, which dynamically injects a <style> tag into the document. This approach conflicts with our CSP settings, which do not allow inline styles.
To resolve this issue and improve CSP compliance, I would like to propose the following enhancement:
- Support for Nonce Attribute: Allow users to specify a nonce attribute for the <style> tag injected by
injectScrollStyle. This would enable projects with CSP configurations that use nonces to permit the injected styles.
This enhancement would greatly improve the flexibility and security of using element-resize-detector in environments with strict CSP requirements.
Hi,
I'm currently using element-resize-detector in a project that has strict Content Security Policy (CSP) requirements. I've encountered an issue with the
injectScrollStylemethod, which dynamically injects a <style> tag into the document. This approach conflicts with our CSP settings, which do not allow inline styles.To resolve this issue and improve CSP compliance, I would like to propose the following enhancement:
injectScrollStyle. This would enable projects with CSP configurations that use nonces to permit the injected styles.This enhancement would greatly improve the flexibility and security of using element-resize-detector in environments with strict CSP requirements.