Skip to content

Latest version requires unsafe-inline due to inline styles #4445

New issue
New issue
Open
#4611
Open
Latest version requires unsafe-inline due to inline styles#4445
#4611
Labels
help wantedtype/enhancementFeatures or improvements to existing features
@rupertbg

Description

@rupertbg
rupertbg
opened on Mar 23, 2023

Content Security Policies need to be set to 'unsafe-inline' to work with xterm.js. Older versions didn't use inline styles so this wasn't an issue.

Ideally xterm should stop using inline styles or support a user-provided nonce value that can be set in the CSP. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src

Details

  • Browser and browser version: all
  • OS version: all
  • xterm.js version: 5.1.0

Steps to reproduce

  1. Set a content security policy like "style-src 'self';"
  2. Make an xterm that has a resizable container
  3. Resizing causes CSP errors in the console.
  4. Resizing doesn't work properly

Metadata

Metadata

Assignees

No one assigned

    Labels

    help wantedtype/enhancementFeatures or improvements to existing features

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions