How does the nonce attribute enhance security in the <style> element?
The nonce attribute allows inline styles to be securely applied by using a unique, unpredictable value.
The nonce attribute is used in conjunction with a Content Security Policy (CSP) to allow inline styles while preventing unauthorized scripts. The server generates a unique nonce value for each request, which must match the nonce in the policy. This ensures that only styles with the correct nonce are executed, enhancing security by preventing cross-site scripting (XSS) attacks.
<style nonce="random123">
p { color: red; }
</style>