Skip to content

Signed in as (Sign out)

Signed in as (Sign out)

Close

Close

← CMS PaaS (Content Management System)

Welcome! 👋

CMS PaaS (Content Management System)

Searching…

No results.
Clear search results

- Analytics 9 ideas
- Campaign 16 ideas
- CMP (Content Marketing Platform) 347 ideas
- CMS PaaS (Content Management System) 175 ideas
- CMS SaaS (Content Management System) 74 ideas
- Collaboration 8 ideas
- Commerce Connect 43 ideas
- Configured Commerce 162 ideas
- Content Recommendations 7 ideas
- DAM (Digital Asset Management) 30 ideas
- Data Platform 47 ideas
- Feature Experimentation 56 ideas
- Integrations 13 ideas
- Optimizely Opal AI 32 ideas
- Other - Misc 29 ideas
- Personalization 22 ideas
- Product Recommendations 13 ideas
- Search & Navigation 21 ideas
- Web Experimentation 58 ideas

Make EpiServer Forms compatible with Content Security Policy (without 'unsafe-*'

Content Security Policy (CSP (https://developer.mozilla.org/en-US/docs/Glossary/CSP is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS (https://developer.mozilla.org/en-US/docs/Glossary/XSS and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.
Current version of EpiServer Forms is not compatible with Content Security Policy (without 'unsafe-*'.
This requires us to change EpiServer Form Element to follow directives from our IT-Security apartment.
Please remove/replace all inline CSS and Javascript required to run EpiServer Forms.
Documentation:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src

34 votes

Mattias Blomqvist shared this idea · Jan 20, 2021 · Report… · Admin →

Gathering Feedback · Sep 23, 2025

An error occurred while saving the comment