When HTTP Header Content-Security-Policy is set to "Default-src 'self', ASP text box does not get hidden

Hi
When HTTP Header Content-Security-Policy is set to "Default-src 'self', ASP text box does not get hidden

Content-Security-Policy to Default-src 'self' on IIS
This is the piece of code which used to be "hidden" from user, but by setting Content-Security-Policy to Default-src 'self', it shows up on the UI on FireFox and Chrome. It hides correctly on IE.  

            <div style="position: relative; float: left;">
                <asp:TextBox ID="txtTop" runat="server" Width="0px" Height="0px" Style="background: #517ca6;
                    background-color: #517ca6; color: #517ca6;" BorderStyle="None"></asp:TextBox>
            </div>

Any suggestion on how we can keep the control hidden, and be able to set Content-Security-Policy to Default-src 'self'?
ArikkanAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ryan ChongBusiness Systems Analyst , ex-Senior Application EngineerCommented:
Any suggestion on how we can keep the control hidden, and be able to set Content-Security-Policy to Default-src 'self'?

add Visible="False" to the control ?

<asp:TextBox ID="txtTop" runat="server" Width="0px" Height="0px" Style="background: #517ca6;
                    background-color: #517ca6; color: #517ca6;" BorderStyle="None"
                    Visible="False">test</asp:TextBox>
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dave BaldwinFixer of ProblemsCommented:
Content-Security-Policy is not intended to 'hide' elements on a page but to restrict where files can be loaded from. https://www.owasp.org/index.php/Content_Security_Policy

Show us the 'View Source' for this from your browser.  All elements that start with "<asp:..." are converted to plain HTML values when they are sent to the browser.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP

From novice to tech pro — start learning today.