Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hashing Dynamic CSS #2

Open
tsotimus opened this issue Jul 11, 2024 · 1 comment
Open

Hashing Dynamic CSS #2

tsotimus opened this issue Jul 11, 2024 · 1 comment

Comments

@tsotimus
Copy link
Owner

tsotimus commented Jul 11, 2024
edited
Loading

Currently we are unable to hash css that gets injected at runtime.

Some common libraries that use this way of getting CSS into the DOM are styled-components, MUI and emotion.

Possible solutions to this issue could be:

  • Using the AST in Vite during build time to track down this CSS and hash all of it.
  • Use LinkeDOM a JSDOM alternative, to actually load the JS and CSS and then look for the CSS syntax in the DOM. This will be more accurate, however more heavy - especially when we have to account for lazy loading.
  • Using strict-dynamic inside the CSP

Any other ideas are welcome!

In the mean time an interesting blog post that argues unsafe-inline for CSS is okay under specific conditions
@getCryptoAddress getCryptoAddress mentioned this issue Nov 7, 2024
Merged
@sbernard31
Copy link

Maybe this could also help to make possible to avoid unsafe-inline with vuetify ? see : vuetifyjs/vuetify#15973

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sbernard31 @tsotimus