-
Notifications
You must be signed in to change notification settings - Fork 196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Content security policy violation #150
Comments
Yes, this is a known limitation. Should probably be documented better. Currently I have no better solution than to allow inline styles. |
Bootstrap javascript modules don't use inline styling then why should |
Bootstrap uses inline styling at the same places ember-bootstrap does, but does so programmatically using jQuery's This could be fixed by using jQuery for all inline styles, but that does not feel to be the right way of doing things in ember, and would not work in Fastboot. See also this thread: http://discuss.emberjs.com/t/binding-style-attribute-and-content-security-policy-best-practice/10921 This is a general problem in ember, not something specific to e-b. Would be glad if there would be an easy to use and elegant solution at sometime! |
If |
Yes, sure, but we need to set the style to set the height of the element. Always returning null will remove the style but also never set the height!? |
Here's the computed property right now: style: computed('collapseSize', function() {
let size = this.get('collapseSize');
let dimension = this.get('collapseDimension');
if (Ember.isEmpty(size)) {
return Ember.String.htmlSafe('');
}
return Ember.String.htmlSafe(`${dimension}: ${size}px`);
}) If style: computed('collapseSize', function() {
let size = this.get('collapseSize');
let dimension = this.get('collapseDimension');
if (Ember.isEmpty(size)) {
return null;
}
return Ember.String.htmlSafe(`${dimension}: ${size}px`);
}) There will be three scenarios in this case:
Scenario 1 means, the |
Scenario 1: Scenario 2+3 do not really apply, as |
Scenario 1 is more complicated than I thought. |
@simonihmig: Are you sure we encounter an issue in ember-fastboot if changing CSSOM directly? I'm asking cause this is how |
@jelhan depends on how/when this code is executed. When this is only triggered by lifecycle hooks like |
This has been fixed by #746 meanwhile. |
The presence of
attributeBindings: ['style']
in bs-collapse and bs-progress-bar violates content security policy ofstyle-src
for beingunsafe-inline
.The text was updated successfully, but these errors were encountered: