When HTTP Header Content-Security-Policy is set to "Default-src 'self', ASP text box does not get hidden

Hi
When HTTP Header Content-Security-Policy is set to "Default-src 'self', ASP text box does not get hidden

Content-Security-Policy to Default-src 'self' on IIS
This is the piece of code which used to be "hidden" from user, but by setting Content-Security-Policy to Default-src 'self', it shows up on the UI on FireFox and Chrome. It hides correctly on IE.  

            <div style="position: relative; float: left;">
                <asp:TextBox ID="txtTop" runat="server" Width="0px" Height="0px" Style="background: #517ca6;
                    background-color: #517ca6; color: #517ca6;" BorderStyle="None"></asp:TextBox>
            </div>

Any suggestion on how we can keep the control hidden, and be able to set Content-Security-Policy to Default-src 'self'?
ArikkanAsked:
Who is Participating?
 
Ryan ChongConnect With a Mentor Commented:
Any suggestion on how we can keep the control hidden, and be able to set Content-Security-Policy to Default-src 'self'?

add Visible="False" to the control ?

<asp:TextBox ID="txtTop" runat="server" Width="0px" Height="0px" Style="background: #517ca6;
                    background-color: #517ca6; color: #517ca6;" BorderStyle="None"
                    Visible="False">test</asp:TextBox>
0
 
Dave BaldwinFixer of ProblemsCommented:
Content-Security-Policy is not intended to 'hide' elements on a page but to restrict where files can be loaded from. https://www.owasp.org/index.php/Content_Security_Policy

Show us the 'View Source' for this from your browser.  All elements that start with "<asp:..." are converted to plain HTML values when they are sent to the browser.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.