Question

I'm trying to set an element's background color using Javascript, and I have a Content Security Policy with style-src 'self'.

I'm able to do things like $(el).css("display", "none") from Javascript, but $(el).css("background-color", "#FFF") fails due to the CSP. The same happens when I try doing el.style.backgroundColor = "#FFF".

The #FFF is actually coming from the database, so I don't have a way of putting that into a static CSS file. Is there any way that I can set the background color dynamically without allowing all inline style?

Was it helpful?

Solution

The problem ended up being that el was inside a block managed by Tooltipster. Tooltipster clones the content of the tooltip before displaying it, so even though the style was actually set successfully on the original el, when the clone was inserted into the DOM, the browser saw that the element had a style tag, and blocked it.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top