AngularJS ng-csp Directive


Change the way AngularJS carries on in regards to "eval" and inline styles:

<body ng-app="" ng-csp>
Try it yourself »

Definition and Usage

The ng-csp order is utilized to change the security approach of AngularJS.

With the ng-csp order set, AngularJS won't run any eval capacities, and it won't infuse any inline styles.

Setting the estimation of the ng-csp mandate to no-dangerous eval, will prevent AngularJS from running any eval capacities, yet permit infusing inline styles.

Setting the estimation of the ng-csp mandate to no-inline-style, will prevent AngularJS from infusing any inline styles, be that as it may, permit eval functions.

Using the ng-csp mandate is essential when creating applications for Google Chrome Extensions or Windows Apps.

Note: The ng-csp mandate does not influence JavaScript, however it changes the way AngularJS works, which means: you can even now compose eval capacities, and they will be executed as you expect, yet AngularJS won't run its very own eval capacities. It utilizes a compatability mode which can back off the assessment time up to 30%.


<element ng-csp="no-risky eval | no-inline-style"></element>

Parameter Values

Value Description
no-risky eval
The esteem can be unfilled, which means neither eval or inline styles are allowed.
The esteem can be one of the two qualities described.
The esteem can be the two qualities, isolated by a semicolon, yet that will have the equivalent which means as a void value.