#15384 new bug ()
Opened July 13, 2020 09:16AM UTC
Last modified July 16, 2020 12:20PM UTC
CSP Violation ('style-src') in Position.js
Reported by: | manish2788 | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | none |
Component: | ui.position | Version: | 1.12.1 |
Keywords: | | Cc: | manish2788 |
Blocked by: | | Blocking: | |
Description
When I invoke the method **scrollbarWidth** from the position.js file, it throws a CSP security violation error and blocks the execution.
The scrollbarWidth method in position.js is responsible for injecting HTML with inline styles, which is against CSP compliance for style-src.
My app restricts me from using any code which has a CSP violation. Please find the code below, which I have taken from position.js:

```js
$.position = {
    scrollbarWidth: function() {
        if ( cachedScrollbarWidth !== undefined ) {
            return cachedScrollbarWidth;
        }
        var w1, w2,
            div = $( "<div " +
                "style='display:block;position:absolute;width:50px;height:50px;overflow:hidden;'>" +
                "<div style='height:100px;width:auto;'></div></div>" ),
            innerDiv = div.children()[ 0 ];
```

For demo purposes I am attaching a gist. Please find the link below:
https://gist.github.com/manish2788/6889806f714068a2fdcf5ef11214c9c5
JS Bin : https://jsbin.com/nacizar/edit
**How to verify the issue in gist:**
Remove or comment out the following code:
[var scrollBarWidth = $.position.scrollbarWidth();]
The CSP error which I am printing will disappear.
Can I expect a solution to this issue?
Attachments (0)
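
A CSP-compatible way to take the same measurement, as an added example that is not part of the ticket or of jQuery UI's code: it builds the probe elements with `createElement` and sets their styles through the CSSOM, which a `style-src` policy without `'unsafe-inline'` permits, whereas `style` attributes in parsed markup are blocked. `applyStyles` and the `doc` parameter are hypothetical names introduced for the example.

```javascript
// Added example (not jQuery UI code): scrollbar-width probe that avoids
// style="" attributes in parsed markup. Assignments through the CSSOM
// (element.style.prop = value) are not subject to the inline-style check.

// Hypothetical helper: apply a map of CSS properties via the CSSOM.
function applyStyles(el, styles) {
  for (const [prop, value] of Object.entries(styles)) {
    el.style[prop] = value;
  }
  return el;
}

let cachedScrollbarWidth; // same caching idea as the method quoted in the ticket

// `doc` is passed in (assumption of this example) so the function can be
// exercised with a stand-in document outside a browser.
function scrollbarWidth(doc) {
  if (cachedScrollbarWidth !== undefined) {
    return cachedScrollbarWidth;
  }
  // Same dimensions as the markup string in the ticket, but no style attribute.
  const outer = applyStyles(doc.createElement("div"), {
    display: "block", position: "absolute",
    width: "50px", height: "50px", overflow: "hidden"
  });
  const inner = applyStyles(doc.createElement("div"), {
    height: "100px", width: "auto"
  });
  outer.appendChild(inner);
  doc.body.appendChild(outer);

  const w1 = inner.offsetWidth;     // inner width with no scrollbar shown
  outer.style.overflow = "scroll";  // force the scrollbar to appear
  let w2 = inner.offsetWidth;       // inner width with the scrollbar shown
  if (w1 === w2) {
    w2 = outer.clientWidth;         // fallback if the inner width did not change
  }
  doc.body.removeChild(outer);      // leave the document as it was found
  return (cachedScrollbarWidth = w1 - w2);
}
```

In a browser, call it as `scrollbarWidth(document)` once the body exists.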
Change History (1)
Changed July 16, 2020 12:20PM UTC by comment:1
cc: | → manish2788 |
---|---|
priority: | minor → major |