utils.csp
Content Security Policy (CSP) nonce injection.
Auto-injectsnonce="..." into <script> and <style>tags for
CSP compliance. Works as a post-processing step on rendered HTML.
Usage via RenderContext metadata::
from kida.render_context import render_context
with render_context() as ctx:
ctx.set_meta("csp_nonce", "abc123")
html = template.render(**data)
# All <script> and <style> tags now have nonce="abc123"
Usage as a filter::
{{ content | csp_nonce("abc123") }}
Usage as a standalone function::
from kida.utils.csp import inject_csp_nonce
safe_html = inject_csp_nonce(html, "abc123")
inject_csp_nonce
2
str
▼
def inject_csp_nonce(html_content: str, nonce: str) -> str
Inject CSP nonce into all