Content Security Policy

If the strict Content-Security-Policy (CSP) mode is enabled, it disables the following browser features by default:

Inline JavaScript, such as <script></script>, or DOM event attributes, such as onclick, are blocked. All script code must reside in separate files that are served from a white-listed domain.
Dynamic code evaluation through eval() and string arguments for both setTimeout and setInterval are blocked.

Working with Kendo UI for jQuery

Kendo UI for jQuery uses eval() calls for its templates to work internally. Thus, Kendo UI for jQuery does not currently support the strict CSP mode.

If CSP is enabled for a Kendo UI application, you have to add at least the unsafe-eval keyword as a part of the meta tag that is used for enabling the CSP mode.

<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-eval' 'self' https://kendo.cdn.telerik.com;">

In this article

Not finding the help you need?

Contact Support

Improve this article

Getting Started

Community

Frameworks

Progress, Telerik, and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.

DO NOT SELL MY PERSONAL INFORMATION

Product Bundles

DevCraft

Web

Mobile

Document Management

Desktop

Reporting & Mocking

Automated Testing

CMS

UI/UX Tools

Debugging

Extended Reality

Free Tools

Content Security Policy

Working with Kendo UI for jQuery

Getting Started

Community

Frameworks