1. Feedback
  2. Angular
  3. 29012

Welcome to the Angular feedback portal. We’re happy you’re here! If you have feedback on how to improve the Angular, we’d love to hear it!

  • Check out the features or bugs others have reported and vote on your favorites. Feedback will be prioritized based on popularity.
  • If you have feedback that’s not listed yet, submit your own.

Thanks for joining our community and helping improve Syncfusion products!

3
Votes

Data Grid Paging - Content Security Policy is violated for script-src (unsafe-inline)

Hi,

We are using Angular Grid component ejs-grid in our project.

Recently we enabled our Content Security Policy (CSP) to disallow inline JavaScripts. Concretelly we set Content Security Policy like this:

<meta http-equiv="Content-Security-Policy"
content="default-src https: 'unsafe-inline' data:;
script-src 'self' 'unsafe-eval' https:">

When we enabled "paging" feature in ejs-grid component the Content Security Policy is violated because of inline JavaScript (when click on some page in paging bar of grid component)

To demostrate the CSP violation I used your example of Data Grid Paging and put Content Security Policy in Stackblitz:

https://ej2.syncfusion.com/angular/demos/#/material/grid/paging

See attached screenshot to see what I mean by CSP violation when paging the Data Grid results. Screenshot:

https://www.syncfusion.com/downloads/support/directtrac/342921/ze/scriptsrcunsafeinlinegrid_2e3ea834

sample: https://stackblitz.com/edit/angular-wy5hrd-h2jcdf?file=app.component.ts