Skip to main content
All docs
V24.2
JS

DevExpress v24.2 Update — Your Feedback Matters

Our What's New in v24.2 webpage includes product-specific surveys. Your response to our survey questions will help us measure product satisfaction for features released in this major update and help us refine our plans for our next major release.

Take the survey Not interested

RichEditBuilder.Nonce(String) Method

Specifies the nonce attribute for the HTML markup the Rich Text Editor generates.

Namespace: DevExpress.AspNetCore.RichEdit

Assembly: DevExpress.AspNetCore.RichEdit.v24.2.dll

NuGet Package: DevExpress.AspNetCore.RichEdit

#Declaration

C#
public RichEditBuilder Nonce(
    string nonce
)

#Parameters

Name Type Description
nonce String

A cryptographic nonce (“number used once”).

#Returns

Type Description
RichEditBuilder

An object that can be used to further configure the Rich Text Editor.

#Remarks

Content Security Policy (CSP) is an additional layer of security built into most modern browsers. The CSP defines a list of policies and initial values that determine which resources your site allows or restricts. This security layer helps browsers to recognize and mitigate certain types of attacks, such as Cross-Site Scripting (XSS) and data injection attacks.

Content Security Policy blocks in-line styles that the Rich Text Editor uses. Specify the control’s Nonce property to add the Rich Text Editor’s in-line styles to the allowed list and run the control in an application with CSP enabled. Refer to the following topic for more information: Nonce.

Note

Inserting content in HTML format violates the "style-src 'self' Content Security Policy directive. Add the 'unsafe-inline' keyword to the directive to allow the browser to insert HTML content from the clipboard into a document opened in the Rich Text Editor.

The example below demonstrates how to add the control’s in-line styles to the allowed list:

<head>
    <meta http-equiv="Content-Security-Policy" 
          content="script-src 'self' 'nonce-@YourNonceProvider.CurrentNonce'" />
    <!-- ... -->
</head>
@(Html.DevExpress().RichEdit("richEdit")
    .Nonce(YourNonceProvider.CurrentNonce)
    // ...
)
See Also