RichEditBuilder.Nonce(String) Method
Specifies the nonce attribute for the HTML markup the Rich Text Editor generates.
Namespace: DevExpress.AspNetCore.RichEdit
Assembly: DevExpress.AspNetCore.RichEdit.v24.1.dll
NuGet Package: DevExpress.AspNetCore.RichEdit
Declaration
public RichEditBuilder Nonce(
string nonce
)
Parameters
Name | Type | Description |
---|---|---|
nonce | String | A cryptographic nonce (“number used once”). |
Returns
Type | Description |
---|---|
RichEditBuilder | An object that can be used to further configure the Rich Text Editor. |
Remarks
Content Security Policy (CSP) is an additional layer of security built into most modern browsers. The CSP defines a list of policies and initial values that determine which resources your site allows or restricts. This security layer helps browsers to recognize and mitigate certain types of attacks, such as Cross-Site Scripting (XSS) and data injection attacks.
Content Security Policy blocks in-line styles that the Rich Text Editor uses. Specify the control’s Nonce property to add the Rich Text Editor’s in-line styles to the allowed list and run the control in an application with CSP enabled. Refer to the following topic for more information: Nonce.
Note
Inserting content in HTML format violates the "style-src 'self'" Content Security Policy directive. Add the 'unsafe-inline' keyword to the directive to allow the browser to insert HTML content from the clipboard into a document opened in the Rich Text Editor.
The example below demonstrates how to add the control’s in-line styles to the allowed list:
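<head>
    <!-- style-src carries the nonce that allows the editor's in-line styles -->
    <meta http-equiv="Content-Security-Policy"
          content="script-src 'self' 'nonce-@YourNonceProvider.CurrentNonce'; style-src 'self' 'nonce-@YourNonceProvider.CurrentNonce'" />
    <!-- ... -->
</head>
@(Html.DevExpress().RichEdit("richEdit")
    .Nonce(YourNonceProvider.CurrentNonce)
    // ...
)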
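The example above leaves YourNonceProvider undefined. The following sketch is an added example, not DevExpress code: it shows one way to produce a fresh, unpredictable nonce for each request in ASP.NET Core. The names CspNonce, AddCspNonce and UseCspNonce are hypothetical, .NET 6 or later is assumed, and the policy is sent as a response header instead of the meta tag shown above.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical per-request nonce holder; plays the role of "YourNonceProvider".
public sealed class CspNonce
{
    // 128 bits from the OS CSPRNG, base64-encoded for use in a 'nonce-...' source.
    // A counter, timestamp or GUID is predictable and must not be used here.
    public string Value { get; } =
        Convert.ToBase64String(RandomNumberGenerator.GetBytes(16));
}

public static class CspNonceExtensions
{
    // Scoped lifetime: one instance, and therefore one nonce, per HTTP request.
    // A singleton would reuse the same value on every response, which defeats
    // the purpose of a "number used once".
    public static IServiceCollection AddCspNonce(this IServiceCollection services) =>
        services.AddScoped<CspNonce>();

    // Emits the policy with the same nonce the view later passes to .Nonce(...).
    public static IApplicationBuilder UseCspNonce(this IApplicationBuilder app) =>
        app.Use(async (context, next) =>
        {
            var nonce = context.RequestServices.GetRequiredService<CspNonce>().Value;
            context.Response.Headers["Content-Security-Policy"] =
                $"script-src 'self' 'nonce-{nonce}'; style-src 'self' 'nonce-{nonce}'";
            await next(context);
        });
}

// Program.cs (assumed wiring):
//   builder.Services.AddCspNonce();
//   app.UseCspNonce();   // register before the endpoints that render the view
//
// Razor view (assumed wiring):
//   @inject CspNonce CspNonce
//   @(Html.DevExpress().RichEdit("richEdit")
//       .Nonce(CspNonce.Value)
//   )
```

Responses that carry a nonce should not be served from a shared or output cache, because a cached page repeats the same nonce to every visitor.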