Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for CSSStyleSheet instance in DomRenderer for CSP enabled applications without relying on nonce #1666

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add support for CSSStyleSheet instance in DomRenderer for CSP enabled applications without relying on nonce #1666

wants to merge 2 commits into from

Commits on Nov 22, 2024

  1. Add support for CSSStyleSheet instance in DomRenderer without relying… 

    … solely on nonce

This commit adds support for using a `CSSStyleSheet` instance provided by the user in the `DomRenderer` class. This enhancement allows JSS to inject styles directly into a `CSSStyleSheet` instance, which is particularly useful in CSP enabled applications where inline styles are restricted and the nonce value is not exposed.

- Updated the constructor of `DomRenderer` to accept a `CSSStyleSheet` instance as the `insertionPoint`.
- Modified the `insertStyle` method to handle `CSSStyleSheet` instances.
- Maintained support for nonce while providing an alternative for environments where the nonce value is not exposed.

This change improves the flexibility and security of style injection in JSS.
    Rohit Kumar committed Nov 22, 2024
    Configuration menu
    Copy the full SHA
    6c359d6 View commit details
    Browse the repository at this point in the history

  2. Update documentation to include CSSStyleSheet instance usage for CSP … 

    …support

This commit updates the documentation to include instructions for using a `CSSStyleSheet` instance with JSS in Content Security Policy (CSP) enabled applications. This addition complements the improvement introduced in this pull request by providing detailed guidance for secure style injection without relying solely on nonce attributes.

- Added a new section, **Using a `CSSStyleSheet` instance for secure style injection**, under **Configuring Content Security Policy**.
- Included an example demonstrating how to create and use a `CSSStyleSheet` instance with JSS.
- Documented the benefits and notes of using a `CSSStyleSheet` instance as an alternative to nonce-based CSP compliance.

To enhance user understanding and provide clear instructions on leveraging the newly introduced feature for improved flexibility and security in CSP-enabled environments.
    Rohit Kumar committed Nov 22, 2024
    Configuration menu
    Copy the full SHA
    492cdc7 View commit details
    Browse the repository at this point in the history