Skip to content

Blazor Virtualize requires inline styles, preventing strict CSP enforcement #66840

Description

@vsfeedback

This issue has been moved from a ticket on Developer Community.


The Blazor component applies inline styles internally for layout and item positioning. Due to this dependency, it is not feasible to enforce a strict Content Security Policy (CSP) without allowing unsafe-inline, which does not meet our security requirements.

Could you please confirm whether this behavior is expected and advise if there are plans or recommended approaches to make compatible with strict CSP configurations?

Reproduction steps

  • Create a Blazor Server or Blazor WebAssembly application.
  • Configure a strict CSP (for example, disallowing unsafe-inline in style-src).
  • Add the component to a page.
  • Run the application and observe the browser console.

Original Comments

Feedback Bot on 4/16/2026, 06:52 AM:

We have directed your feedback to the appropriate engineering team for further evaluation. The team will review the feedback and notify you about the next steps.

Kirupa Karan Raj Kumar on 4/28/2026, 07:51 AM:

Hi Team,

Any update on this query?

Regards,
Kirupa.

Metadata

Metadata

Assignees

Labels

Author: Migration Bot 🤖The issue was created by a issue mover bot. The author may not be the actual author.area-blazorIncludes: Blazor, Razor Components

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions