Strict Content Security Policy (CSP) not possible due inline CSS #50417
Labels
CSS Styling
Related to editor and front end styles, CSS-specific issues.
Global Styles
Anything related to the broader Global Styles efforts, including Styles Engine and theme.json
[Type] Enhancement
A suggestion for improvement.
Comments
ramonjd
added
[Type] Enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What problem does this address?
Right now it's very hard, nearly impossible, to add a strict Content Security Policy (CSP) when inline styles (style="..." attributes) are used (https://content-security-policy.com/examples/allow-inline-style/).
Besides this, there are other arguments for not using style attributes:
Specificity
Inline styles have the highest specificity and only
!importantrule can override this.Principle of separation of content from presentation
See this issue: Move away from inline styles
What is your proposed solution?
Moving all CSS from style attributes to a
<style>element or a CSS file. For example:Change:
<p style="font-style:normal;font-weight:700">Lorum ipsum</p>To something like this:
<p class="has-normal-font-style has-700-font-weight">Lorum ipsum</p>The text was updated successfully, but these errors were encountered: