Additional attributes for f:security.nonce #187

@ohader

Description

Examples

<script nonce="{f:security.nonce(directive: 'script-src', scope: 'inline')}">
const test = true;
</script>
<script nonce="{f:security.nonce(directive: 'script-src', scope: 'static')}" src="{scriptUri}"></script>

New Attributes

  • directive can be one of script-src, script-src-elem, style-src, style-src-elem
  • scope can be either static or inline (default)

Hint

The {f:security.nonce()} view-helper is meant as a compatibility fallback. It is suggested to use more specific view-helpers like <f:asset.css> or <f:asset.script>.
