EmDash Image emits inline style attributes that violate strict CSP #1783
Closed
khoinguyenpham04
announced in
Roadmap
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
This Roadmap discussion mirrors #1602: EmDash Image emits inline style attributes that violate strict CSP.
Use this discussion to upvote the roadmap item and discuss priority, use cases, and product feedback. Keep implementation tracking, reproduction details, and PR-specific feedback on the source issue.
bug,bot:working,bot:bugOriginal Issue
Description
The
Imagecomponent fromemdash/uirenders inlinestyleattributes on<img>elements. In a site using Astro's strict CSP support with hashedstyle-src, these style attributes are blocked by the browser because hashes do not apply to style attributes unlessunsafe-hashes/style-src-attrpolicy changes are made.Example rendered output:
Expected behavior:
Imageshould support CSP-compatible rendering without inline style attributes, or expose an option to disable inline styles/placeholders so sites can use classes and attributes instead.Steps to reproduce
security.csp.Imagefromemdash/ui:<img style="...">attribute.Environment
Logs / error output
Beta Was this translation helpful? Give feedback.
All reactions