Content Security Policy may restrict contenteditable behavior

OS: Windows 11 기기: Desktop or Laptop Any 브라우저: Chrome 120.0 키보드: US 초안

cspsecuritychromewindows

이 페이지는 아직 번역되지 않았습니다

현재 영어 원문을 표시하고 있습니다. 번역에 기여해 주시면 감사하겠습니다.

Phenomenon

When a page has a strict Content Security Policy (CSP), certain contenteditable operations may be restricted. Pasting content, executing scripts, or inserting HTML may be blocked depending on the CSP directives.

Reproduction example

Create a page with a strict CSP header (e.g., default-src 'self').
Create a contenteditable div on the page.
Try to paste content from clipboard.
Try to insert HTML programmatically.
Observe any CSP violations or blocked operations.

Observed behavior

In Chrome on Windows, CSP may block certain contenteditable operations.
Pasting may be restricted if unsafe-inline is not allowed.
Script execution within contenteditable may be blocked.
CSP violations may be logged in the console.

Expected behavior

CSP should not interfere with basic contenteditable editing.
Pasting should work within CSP constraints.
Or, there should be clear documentation on CSP and contenteditable interaction.

Playground for this case

Use the reported environment as a reference and record what happens in your environment while interacting with the editable area.

Reported environment

OS: Windows 11

Device: Desktop or Laptop Any

Browser: Chrome 120.0

Keyboard: US

Your environment

OSDeviceBrowserKeyboard

Use this editable area to reproduce the described case.

Event log

Use this log together with the case description when filing or updating an issue.

0 events

Interact with the editable area to see events here.