Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

p-image: Fix inline style not compliant with Strict CSP policy #15993

Closed
jlfrances opened this issue Jul 10, 2024 · 0 comments · Fixed by #15994
Closed

p-image: Fix inline style not compliant with Strict CSP policy #15993

jlfrances opened this issue Jul 10, 2024 · 0 comments · Fixed by #15994
Labels
Type: Bug Issue contains a bug related to a specific component. Something about the component is not working
Milestone
17.18.4

Comments

@jlfrances
Copy link

jlfrances commented Jul 10, 2024
edited
Loading

Describe the bug

When using the p-image component, there is a hardcoded inline style using style attribute.
If the project is using Strict Content-Security-Policy, this leads to an error.

Environment

.

Reproducer

No response

Angular version

17.3.10

PrimeNG version

17.18.3

Build / Runtime

Angular CLI App

Language

TypeScript

Node version (for AoT issues node --version)

v20.5.1

Browser(s)

No response

Steps to reproduce the behavior

  1. Implement Strict Content Security Policy (using NONCE or HASH) in the Angular + PrimeNG application
  2. Use p-image as main component
  3. When the project and the component are loaded, you'll see the following error:
    image

Note that writeDirectStyle() is a function from Angular Core that set the style attribute to an HTML element.

Right after the following breakpoint is when the error is raised:
image

Solution

Move the hardcoded style to ngStyle attribute, in the same component (image.ts).
image

Expected behavior

No response
@jlfrances jlfrances added the Status: Needs Triage Issue will be reviewed by Core Team and a relevant label will be added as soon as possible label Jul 10, 2024
jlfrances pushed a commit to jlfrances/primeng that referenced this issue Jul 10, 2024
@josefranconv
Fixed primefaces#15993
da4f3ba 
Image: Fix inline style not compliant with Strict CSP policy
jlfrances pushed a commit to jlfrances/primeng that referenced this issue Jul 10, 2024
@josefranconv
Fixed primefaces#15993 - Image: Fix inline style not compliant with S…
c24e3ac 
…trict CSP policy
@jlfrances jlfrances mentioned this issue Jul 10, 2024
Merged
@cetincakiroglu cetincakiroglu added this to the 17.18.4 milestone Jul 10, 2024
@cetincakiroglu cetincakiroglu added Type: Bug Issue contains a bug related to a specific component. Something about the component is not working and removed Status: Needs Triage Issue will be reviewed by Core Team and a relevant label will be added as soon as possible labels Jul 10, 2024
@cetincakiroglu cetincakiroglu mentioned this issue Jul 10, 2024
Closed
25 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Bug Issue contains a bug related to a specific component. Something about the component is not working
Projects
None yet
Milestone
17.18.4
Development

Successfully merging a pull request may close this issue.

p-image: Fix inline style not compliant with Strict CSP policy jlfrances/primeng
3 participants
@jlfrances @cetincakiroglu @mehmetcetin01140