Skip to main content

Content Security Policy Nonces

Since 1.5.0

In order to prevent certain XSS (Cross-Site Scripting) attacks a CSP can be implemented. Depending on the CSP configuration in place inline styles and scripts can be forbidden. By applying a CSP nonce such elements can be explicitly allowed even if they would violate the CSP otherwise.

With version 3 the Web Component compiler Stencil (used to build all of our components) introduced support for CSP nonces. For details on how to use them please read the official Stencil docs on the topic.