Case ce-0074 · Scenario scenario-csp-restrictions

Content Security Policy may restrict contenteditable behavior

OS: Windows 11 · Device: Desktop or Laptop Any · Browser: Chrome 120.0 · Keyboard: US · Draft
Tags: csp, security, chrome, windows

Phenomenon

When a page has a strict Content Security Policy (CSP), certain contenteditable operations may be restricted. Pasting content, executing scripts, or inserting HTML may be blocked depending on the CSP directives.

Reproduction example

  1. Create a page with a strict CSP header (e.g., default-src 'self').
  2. Create a contenteditable div on the page.
  3. Try to paste content from the clipboard.
  4. Try to insert HTML programmatically.
  5. Observe any CSP violations or blocked operations.
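
The steps above as a runnable harness; this is an added example, not code from the original case page. The file name `repro.js`, port 8080, the element ids and the `respond` helper are assumptions made for the example.

```javascript
// Added repro harness (not from the case page). Run: node repro.js --serve
const CSP = "default-src 'self'"; // the strict policy from step 1

// Page markup: no inline <script>, style= or on*= attributes, so the page itself loads cleanly.
const PAGE = `<!doctype html><meta charset="utf-8"><title>CSP + contenteditable</title>
<div id="editor" contenteditable="true">Paste or type here</div>
<button id="insert">Insert HTML programmatically</button>
<pre id="log"></pre>
<script src="/repro.js"></script>`;

// Client script, served same-origin so 'self' allows it to load.
const CLIENT = `
const editor = document.getElementById('editor');
const log = (msg) => { document.getElementById('log').textContent += msg + '\\n'; };
// Step 5: each blocked operation fires this event; record the directive that blocked it.
document.addEventListener('securitypolicyviolation', (e) =>
  log('CSP violation: ' + e.effectiveDirective + ' blocked ' + e.blockedURI));
// Step 3: record which clipboard formats a paste offers.
editor.addEventListener('paste', (e) =>
  log('paste types: ' + Array.from(e.clipboardData.types).join(', ')));
// Step 4: markup carrying a style attribute is checked against style-src-attr,
// which falls back to style-src and then default-src.
document.getElementById('insert').addEventListener('click', () => {
  editor.insertAdjacentHTML('beforeend', '<span style="color:red">markup style</span> ');
  const span = document.createElement('span');
  span.textContent = 'CSSOM style';
  span.style.color = 'green'; // set through the CSSOM rather than through markup
  editor.append(span);
});`;

const ROUTES = new Map([
  ['/', ['text/html; charset=utf-8', PAGE]],
  ['/repro.js', ['text/javascript; charset=utf-8', CLIENT]],
]);

// Map a request path to a response; every response carries the CSP header.
function respond(path) {
  const hit = ROUTES.get(path);
  const [type, body] = hit || ['text/plain; charset=utf-8', 'not found'];
  return { status: hit ? 200 : 404, headers: { 'Content-Type': type, 'Content-Security-Policy': CSP }, body };
}

if (process.argv.includes('--serve')) { // bind to loopback only
  import('node:http').then((http) => http.createServer((req, res) => {
    const r = respond(req.url.split('?')[0]);
    res.writeHead(r.status, r.headers).end(r.body);
  }).listen(8080, '127.0.0.1', () => console.log('http://127.0.0.1:8080/')));
}
```

Open the printed URL in the browser under test, paste into the editable area, press the button, and compare the on-page log with the DevTools console.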

Observed behavior

  • In Chrome on Windows, CSP may block certain contenteditable operations.
  • Pasting may be restricted if unsafe-inline is not allowed.
  • Script execution within contenteditable may be blocked.
  • CSP violations may be logged in the console.

Expected behavior

  • CSP should not interfere with basic contenteditable editing.
  • Pasting should work within CSP constraints.
  • Or, there should be clear documentation on CSP and contenteditable interaction.
