禁止内联样式CSP和HTML元素的动态定位 [英] Banned inline style CSP and dynamic positioning of HTML elements

问题描述

一位客户已经改变了他们的CSP以禁止其服务器上的内联样式。据我所知，这意味着我们不能再使用JS动态定位/动画/设置HTML元素的样式，例如我们无法检测到DOM元素的位置，并通过JS定位另一个元素。

这是正确的吗？是否有解决方法让我们动态地使用此CSP限制来设置DOM元素？解析方案

在客户端上执行JavaScript。除非过滤软件非常聪明，否则您仍然可以添加动态内联样式，因为服务器不知道浏览器中发生了什么。但是，你不能做的是将内联样式添加到发送给客户端的HTML中。

A client has changed their CSP to ban inline styles on their server. As far as I can tell, this means that we can no longer use JS to dynamically position/animate/style HTML elements e.g. we can't detect the position of a DOM element and position another element next to it via JS.

Is this correct? Is there a workaround for us to dynamically animate DOM elements with this CSP restriction in place?

解决方案

JavaScript is executed on the client. Unless the filtering software is incredibly clever, you can still add dynamic inline styles as the server has no idea what's happening in the browser. What you can't do, however, is add inline styles as part of the HTML you send to the client.

这篇关于禁止内联样式CSP和HTML元素的动态定位的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！