HTML | low Attribute

HTML nonce Attribute

Last Updated : 30 Aug, 2024

The HTML nonce attribute is a global content attribute that defines a cryptographic nonce(" number used once "). It is used by Content Security Policy(it is an additional layer of security that helps to detect and mitigate certain types of attacks like data injection attacks) to check whether a given fetch will be allowed to proceed for a given element or not. Generally, the attribute nonce specifies the way by which the browser is told that inline contents of some style element or specific/particular script were not injected into the document by third parties and were put in the document intentionally by whoever controls the server from where the document is served.

It allows the list of specific elements such as some specific inline script or style elements. It helps to avoid the use of the CSP unsafe-inline directive that would allow-list all inline styles.

Usage of nonce attribute

For using none, provide the script tag a nonce attribute. The value of the nonce attribute must match one in the list of trusted sources.

Example: In this example we showcases the nonce attribute, enhancing security by allowing only styles and scripts with matching nonce values to execute.

HTML

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" 
          content="width=device-width, initial-scale=1.0">
    <title>Nonce Attribute Example</title>
    <style nonce="EDNnf03nceIOfn39fn3e9h3sdfa">
        /* This style block is allowed because it has the correct nonce */
        body {
            background-color: #f0f0f0;
        }
    </style>
</head>

<body>
    <h1>Welcome to My Website</h1>
    <script nonce="EDNnf03nceIOfn39fn3e9h3sdfa">
        // This script is allowed because it has the correct nonce
        console.log('Hello, world!');
    </script>
</body>

</html>

Now this nonce needs to be added to our script-src directive appended to the nonce- keyword.

Content-Security-Policy: script-src 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa'

Supported Browsers:

HTML | low Attribute

S

siddharth01

Improve

Article Tags :

Similar Reads

HTML oncut Attribute

This attribute fires when the user cut or deletes the content that has been present in the element. It is a Boolean-type attribute. This attribute is supported by all HTML elements but it is possible for that element which has a ContentEditable attribute set to "true".Note:There are 3 ways to cut th

HTML name Attribute

The HTML name attribute labels elements, notably form inputs, identifying them for data submission. It's crucial for form processing and is often used in JavaScript DOM manipulation. Unique within a form.Note: This attribute has been DEPRECATED and is no longer recommended.Supported tags:ElementDesc

HTML open Attribute

The open attribute in HTML is used to indicate whether the details will be shown on page load. This is a boolean attribute. If it is not present by default then details are not shown. Note: This attribute is used by <details> element only. This attribute has been DEPRECATED and is no longer re

HTML src attribute

The HTML src attribute specifies the URL or file path of an external resource, such as an image, video, audio file, or script, to be embedded or referenced within a webpage. Syntax: <element src="url">HTML src attribute Supported tagsTagDescription<audio>Embeds sound content for playback

HTML | low Attribute

The HTML | low attribute is used to specify the range where the value of gauge is considered to be low. The value of the low attribute must be greater than the â€œminâ€, less than the â€œmaxâ€ and â€œhighâ€ attribute. Usage: This attribute is only used with the <meter> tag. Syntax: <meter low="numbe

HTML | srcdoc Attribute

The HTML srcdoc attribute is used to specify the HTML content of the page to show in the inline frame. This attribute is anticipated to be used beside the sandbox and seamless attributes. If a browser supports the srcdoc attribute, it'll override the content laid out in the src attribute (if present

HTML | scoped Attribute

The HTML scoped attribute is a boolean attribute that is used to specify that the styles only apply to this element's parent element and that element's child elements (not the entire document).Note : It is a deprecated attribute and it is not supported by HTML5. Supported tag: style Example: html

HTML type Attribute

The type attribute in HTML specifies the type of content associated with an element, such as the button type, the media type of a source in an audio or video tag, or the type of input in a form element. Syntax: <element type="value"> Note: This attribute has been DEPRECATED and is no longer re

HTML lang Attribute

This attribute is used to specify the language of the element content. Some examples of languages are en for English, es for Spanish, etc. Syntax:<element lang = "language_code">Attribute Value: This attribute contains a single value language_code which is used to specify the language of the c

HTML size Attribute

The size attribute in HTML is used to specify the initial width for the input field and the number of visible rows for the select element.The size attribute can be used with the following elements:Â Â <input><hr><select><font>Â Attribute Values: It contains a numeric value that