Content Security Policy may restrict contenteditable behavior

OS: Windows 11 デバイス: Desktop or Laptop Any ブラウザ: Chrome 120.0 キーボード: US 下書き

cspsecuritychromewindows

このページはまだ翻訳されていません

現在、英語の原文を表示しています。翻訳への貢献をお待ちしております。

Phenomenon

When a page has a strict Content Security Policy (CSP), certain contenteditable operations may be restricted. Pasting content, executing scripts, or inserting HTML may be blocked depending on the CSP directives.

Reproduction example

Create a page with a strict CSP header (e.g., default-src 'self').
Create a contenteditable div on the page.
Try to paste content from clipboard.
Try to insert HTML programmatically.
Observe any CSP violations or blocked operations.

Observed behavior

In Chrome on Windows, CSP may block certain contenteditable operations.
Pasting may be restricted if unsafe-inline is not allowed.
Script execution within contenteditable may be blocked.
CSP violations may be logged in the console.

Expected behavior

CSP should not interfere with basic contenteditable editing.
Pasting should work within CSP constraints.
Or, there should be clear documentation on CSP and contenteditable interaction.

Playground for this case

Use the reported environment as a reference and record what happens in your environment while interacting with the editable area.

Reported environment

OS: Windows 11

Device: Desktop or Laptop Any

Browser: Chrome 120.0

Keyboard: US

Your environment

OSDeviceBrowserKeyboard

Use this editable area to reproduce the described case.

Event log

Use this log together with the case description when filing or updating an issue.

0 events

Interact with the editable area to see events here.