RequiredFieldValidator injecting inlined JavaScript on web page?

Question

I have an asp.net app that uses asp:RequiredFieldValidator, and a Content Security Policy that does not allow execution of inline scripts. However RequiredFieldValidator writes an inline script after the page loads which breaks all JavaScript on the page. Is there any way around this?

Here's the code it's injecting:

<script type="text/javascript">
//<![CDATA[
var fv_1 = document.all ? document.all["fv_1"] : document.getElementById("fv_1");
fv_1.controltovalidate = "1";
fv_1.display = "Dynamic";
fv_1.enabled = "False";
fv_1.validationGroup = "vg_submit";
fv_1.evaluationfunction = "RequiredFieldValidatorEvaluateIsValid";
fv_1.initialvalue = "";
//]]>
</script>

Edit: It's doing the same thing with the form tag:

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['form1'];
if (!theForm) {
    theForm = document.form1;
}
function __doPostBack(eventTarget, eventArgument) {
    if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
        theForm.__EVENTTARGET.value = eventTarget;
        theForm.__EVENTARGUMENT.value = eventArgument;
        theForm.submit();
    }
}
//]]>
</script>

You can [override](https://stackoverflow.com/questions/62722871/customize-web-form-script-generation/62802596#62802596) __doPostBack or HtmlTextWriter methods to intercept the output and insert the nonce='value' attribute into scripts — granty, Jun 24 '21 at 10:55

RequiredFieldValidator injecting inlined JavaScript on web page?

0 Answers0