Last Updated: 30 Jan 2024 17:00 by ADMIN
Release 2024 Q1
Created on: 30 Jun 2023 09:32
Category: UI for ASP.NET Core
Type: Bug Report
Dialog actions cause an "Invalid template" error when CSP is enabled

### Bug report

When the Dialog is configured with actions and the Content Security Policy is enabled, it throws an "Invalid template" error.

### Reproduction of the problem

1) Configure a Dialog widget with actions and set the CSP with the following content:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" />

2) Open the browser console to review the error.

A Dojo sample for reproduction:

### Expected/desired behavior

The Dialog should be rendered correctly without using the 'unsafe-eval' keyword in the "script-src" directive.

### Workaround

Insert the following script before the Dialog initialization:

    kendo.ui.Dialog.fn._mergeTextWithOptions = function(action) { var text = action.text; if(text) { return kendo.isFunction(text) ? text(this.options) : text; } return ""; }

### Environment

* **Kendo UI version: 2023.2.606
* **jQuery version: 3.4.1
* **Browser: [all]