Completed
Last Updated: 30 Jan 2024 17:00 by ADMIN
Release 2024 Q1
Bharati
Created on: 30 Jun 2023 09:32
Category: UI for ASP.NET Core
Type: Bug Report
Dialog actions cause an "Invalid template" error when CSP is enabled

### Bug report

When the Dialog is configured with actions and the Content Security Policy is enabled, it throws an "Invalid template" error.

### Reproduction of the problem

1) Configure a Dialog widget with actions and set the CSP with the following content:

```html
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' https://kendo.cdn.telerik.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://kendo.cdn.telerik.com;" />
```

2) Open the browser console to review the error.

A Dojo sample for reproduction: https://dojo.telerik.com/ULOyazUC

### Expected/desired behavior

The Dialog should be rendered correctly without using the 'unsafe-eval' keyword in the "script-src" directive.

### Workaround

Insert the following script before the Dialog initialization:

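```html
<script>
    // Resolve the action text directly: call it if it is a function, otherwise return the string as-is.
    kendo.ui.Dialog.fn._mergeTextWithOptions = function (action) {
        var text = action.text;
        if (text) {
            return kendo.isFunction(text) ? text(this.options) : text;
        }
        return "";
    };
</script>
```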
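Why the workaround above avoids the error, shown as an added example that is not Telerik's code: Node's `vm` module with `codeGeneration: { strings: false }` stands in for a browser enforcing `script-src` without `'unsafe-eval'`. `resolveWithTemplate` is a constructed stand-in that assumes string action text is compiled at run time with `new Function`; `resolveDirect` mirrors the workaround's logic, and `runUnderPolicy` is a hypothetical helper.

```javascript
const vm = require("vm");

// Constructed stand-in for a string-template compiler (assumption, not Kendo's code):
// turns "Close #: title #" into a function by generating source text.
function resolveWithTemplate(action, options) {
  const body = "return " + JSON.stringify(action.text)
    .replace(/#:\s*(\w+)\s*#/g, '" + data.$1 + "') + ";";
  return new Function("data", body)(options); // needs 'unsafe-eval' in a browser
}

// Same logic as the workaround on this page, written as a free function.
function resolveDirect(action, options) {
  const text = action.text;
  if (text) {
    return typeof text === "function" ? text(options) : text;
  }
  return "";
}

// Run fn inside a fresh context. allowEval = false makes eval and new Function
// throw EvalError, which is how a CSP without 'unsafe-eval' behaves.
function runUnderPolicy(fn, action, options, allowEval) {
  const ctx = vm.createContext({}, { codeGeneration: { strings: allowEval } });
  const inCtx = vm.runInContext("(" + fn.toString() + ")", ctx);
  try {
    return { ok: true, value: inCtx(action, options) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed sample inputs.
const options = { title: "Settings" };
const stringAction = { text: "Close #: title #" };
const functionAction = { text: (o) => "Close " + o.title };

console.log(runUnderPolicy(resolveWithTemplate, stringAction, options, true));
console.log(runUnderPolicy(resolveWithTemplate, stringAction, options, false));
console.log(runUnderPolicy(resolveDirect, functionAction, options, false));
```

With the direct resolver, dynamic action text has to be supplied as a function, because a string is returned as-is and its `#: ... #` placeholders are not expanded.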

### Environment

* **Kendo UI version:** 2023.2.606
* **jQuery version:** 3.4.1
* **Browser:** [all]
