diff --git a/blazor/circular-gauge/content-security-policy.md b/blazor/circular-gauge/content-security-policy.md
index 779ac52c88..951d222db1 100644
--- a/blazor/circular-gauge/content-security-policy.md
+++ b/blazor/circular-gauge/content-security-policy.md
@@ -9,7 +9,7 @@ documentation: ug
# Circular Gauge Strict CSP Feature Limitations
-The Syncfusion® Blazor **Circular Gauge** component supports **strict CSP** for its core functionality, allowing most default operations such as rendering axes, ticks, labels, ranges, pointers, annotations, legends, tooltips, and multiple axes—without requiring `'unsafe-inline'` in the `style-src` directive.
+The Syncfusion® Blazor **Circular Gauge** component supports **strict CSP** for its core functionality, allowing most default operations such as rendering axes, ticks, labels, ranges, pointers, annotations, legends, tooltips, and multiple axes without requiring `'unsafe-inline'` in the `style-src` directive.
However, animation-related features rely on dynamic runtime style manipulations (likely involving inline styles or CSS transitions applied via JavaScript) to achieve smooth sequential rendering effects, which are blocked under a fully strict CSP configuration.
@@ -19,7 +19,7 @@ This document outlines the specific animation features that require the `style-s
The following features in the Circular Gauge currently **require** `style-src 'unsafe-inline'` to function correctly:
- **[Animation Features](./animations.md)**
+ **[Animation Features](./animations)**
All animation capabilities, controlled primarily via the `AnimationDuration` property (on the `SfCircularGauge` component) and optionally via `CircularGaugePointerAnimation` for individual pointers, depend on dynamic inline styles or style injections for smooth transitions.
When animation is enabled (`AnimationDuration > 0`), the component animates elements sequentially: axis line → ticks and labels → ranges → pointers → annotations. Pointers can have individual animation durations.
Disabling animation (default: `AnimationDuration = 0`) renders the gauge instantly without transitions.
@@ -45,8 +45,6 @@ Use this configuration when animation is not required (or can be disabled by set
upgrade-insecure-requests;">
```
->This policy ensures full strict CSP compliance for the Circular Gauge's primary visualization and data representation capabilities.
-
### Relaxed CSP Configuration (Full Feature Enabled)
Include 'unsafe-inline' in style-src to enable animation features:
@@ -64,12 +62,4 @@ Include 'unsafe-inline' in style-src to enable animation features:
upgrade-insecure-requests;">
```
-> Use this configuration only when smooth loading animations or pointer-specific animations are essential to your application. This maintains strong overall protection while permitting the dynamic styling needed for animations.
-
-
-### Future Improvements
- - The security limitation related to the Notes field (Rich Text Editor formatting) will be addressed in future weekly security patch releases.
-
- - Syncfusion® is actively working toward full strict CSP compatibility across all features of the Gantt Chart component, with the goal of eliminating the need for **'unsafe-inline'** entirely.
-
- - Track the latest **Syncfusion® Blazor release notes and weekly patches for CSP-related updates and announcements.
\ No newline at end of file
+>**Note:** Use this configuration only when smooth loading animations or pointer-specific animations are essential to your application. This maintains strong overall protection while permitting the dynamic styling needed for animations.
\ No newline at end of file
diff --git a/blazor/common/content-security-policy.md b/blazor/common/content-security-policy.md
index 543628df71..ac4ccc4975 100644
--- a/blazor/common/content-security-policy.md
+++ b/blazor/common/content-security-policy.md
@@ -21,11 +21,11 @@ Syncfusion® Blazor components now offer improved support for strict **Content S
Now we have introduced **strict CSP compatibility** for **over 80 components**. Default functionalities across these components now operate seamlessly under a strict CSP configuration without requiring unsafe directives such as `'unsafe-eval'` or `'unsafe-inline'` in many scenarios.
-This enhancement allows developers to enforce modern, secure browser policies more easily while retaining full component capabilities in Blazor Server, WebAssembly, and hybrid (Auto) render modes.
+This enhancement allows developers to enforce modern, secure browser policies more easily while retaining full component capabilities in Blazor Web App (any render mode: Server, WebAssembly, or Auto) and Wasm standalone app.
### Recommended CSP Directives for Strict CSP implemented Syncfusion® Blazor Components
-The following CSP configurations are **tested and recommended** for Syncfusion® Blazor components that support strict CSP (Refer Supported list below).
+The following CSP configurations are **tested and recommended** for Syncfusion® Blazor components that support strict CSP.
#### For Blazor Interactive Server App
@@ -62,136 +62,43 @@ The following CSP configurations are **tested and recommended** for Syncfusion®
```
> **Note:** The [wasm-unsafe-eval](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/script-src#unsafe_webassembly_execution) source expression is mandatory for Blazor WebAssembly and Blazor Web App applications, as it enables the browser to compile and execute WebAssembly modules required by the Blazor Mono runtime on the client. Without this directive, modern browsers will block WebAssembly execution, preventing the Blazor runtime from initializing correctly.
-If your application includes Syncfusion® components that are not explicitly marked as Strict CSP implemented, you must include the **style-src 'unsafe-inline' directive** in your Content Security Policy.
-Refer to the list of supported components to verify Strict CSP compatibility. We have also outlined the features that currently require additional CSP directives.
-
-### Component Categories Overview
-
-Below is an updated overview highlighting CSP compliance status based on the latest verification:
-
->**Important:** HTMLAttribute/InputAttributes Parameter Limitations Under Strict CSP
-When using a strict Content Security Policy (CSP), support for inline style attributes is not currently available. Support for inline style attributes will be added in a future weekly patch release.
-Please refer to upcoming Syncfusion® release notes for updates.
-
-
-
-### Data Management
-
-| Fully Strict CSP Compliant | HTML Attributes (Style Attributes Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-| DataGrid, Pager, Tree Grid, DataForm, Query Builder | ListView | [Pivot Table](../pivot-table/content-security-policy) |
-
----
-
-
-### Scheduling & Calendars
-
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-| Scheduler, Calendar | DatePicker, DateRangePicker, DateTime Picker, TimePicker | [Gantt Chart](../gantt-chart/content-security-policy) |
-
----
-
-
-### File Viewers & Editors & File Management
-
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-| File Upload | Imageditor |- |
-
----
-
-
-### Layout Components
-
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-| Dashboard Layout, Timeline, Avatar, Media Query | Dialog, Predefined Dialog, Splitter, Tooltip | - |
-
----
-
-### Notifications
-
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-|Toast, Spinner, Message, Skeleton, ProgressBar, Badge | - | - |
-
----
-
-### Data Visualization, Diagram and Maps
-
-| Fully Strict CSP Compliant |HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-| BarcodeGenerator, QRCodeGenerator, Linear Gauge, TreeMap | - | [Circular Gauge](../circular-gauge/content-security-policy), [Maps](../maps/content-security-policy), [Heatmap Chart](../heatmap-chart/content-security-policy) |
-
----
-
-### Buttons and Actions
-
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-|SplitButton, Toggle Switch Button, Button Group, Button, Progress Button, Floating Action Button, Speed Dial | DropDown Menu, Chips | - |
-
----
-
-
-### Dropdowns
-
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-|Mention, ListBox | MultiColumn Combobox, Dropdown List, AutoComplete, ComboBox, Multiselect Dropdown, Dropdown Tree | - |
-
----
-
-
-### Inputs
-
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation|
-|----------------------------|------------------------|--------------------------|
-| RangeSlider, Radio Button, Checkbox, Speech to text, Rating | In-Place Editor, TextBox, TextArea, Numeric TextBox, OtpInput, Inputmask, Color picker, Color palatte | - |
-
----
-
-
-### Navigation & Actions
-
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-| Ribbon | Accordion, Stepper, Breadcrumb, AppBar, Carousal, Context Menu, Sidebar, MenuBar, Tabs, Toolbar, | [TreeView](../treeview/content-security-policy) |
-
----
-
-
-
-### Smart Components
+## Constraints and Considerations
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-| Smart Paste Button, Smart TextArea | - | - |
+While Syncfusion® Blazor components are progressively moving toward full strict CSP compliance, certain scenarios still require the **`style-src 'unsafe-inline'`** directive. You must include this directive in your CSP configuration if your application falls into any of the following scenarios:
----
+**Scenario 1: Components that require CSP relaxation**
-### Interactive Chat
+Certain components inherently rely on dynamic or inline style injection and cannot function under a strict CSP without `'unsafe-inline'`.
-| Fully Strict CSP Compliant | HTML Attributes (Inline Styles Not Supported) | Feature Limitation |
-|----------------------------|------------------------|--------------------------|
-| AI Assist View| - | - |
+#### Components Requiring CSP Relaxation
----
+| Category | Components
+|-------------------------------------------|---------------------------------------------------------------------------|
+| **Data Visualization** | • Charts
• 3D Charts
• Stock Chart
• Bullet Chart
• Range Selector
• Sankey
• Sparkline Chart
• Smith Chart |
+| **File Viewers & Editors** | • Block Editor
• Rich Text Editor |
+| **Interactive Chat** | • Chat UI |
+| **File Management** | • File Manager|
+| **Layout** | • Card |
+| **Diagrams and Maps** | • Diagram |
+| **Kanban** | • Kanban |
-## Constraints and Considerations
-While Syncfusion® Blazor components are progressively moving toward full strict CSP compliance, certain scenarios still require the **`style-src 'unsafe-inline'`** directive. You must include this directive in your CSP configuration if your application falls into any of the following scenarios:
-**Scenario 1: Components that require CSP relaxation**
+**Scenario 2: Components with feature limitations**
-Certain components inherently rely on dynamic or inline style injection and cannot function under a strict CSP without `'unsafe-inline'`. Refer to the **Components Requiring CSP Relaxation** table below for the complete list.
+Some components are largely strict CSP-compliant, but specific features within them require inline styles. If your application uses any component listed in the **Feature-Limited Components** table below, the `'unsafe-inline'` directive is required.
-**Scenario 2: Components with feature limitations**
+#### Feature-Limited Components
-Some components are largely strict CSP-compliant, but specific features within them require inline styles. If your application uses any such feature in Pivot Table, Gantt Chart, Circular Gauge, Maps, Heatmap Chart, or TreeView, the `'unsafe-inline'` directive is required. Refer to the **Feature Limitation** column in the Component Categories Overview for details.
+| Category | Components |
+|----------|------------|
+| Data Management | • [Pivot Table](../pivot-table/content-security-policy) |
+| Scheduling & Calendars | • [Gantt Chart](../gantt-chart/content-security-policy) |
+| Data Visualization | • [Circular Gauge](../circular-gauge/content-security-policy)
• [Heatmap Chart](../heatmap-chart/content-security-policy) |
+| Navigations| • [TreeView](../treeview/content-security-policy) |
+| Diagrams and Maps | • [Maps](../maps/content-security-policy) |
**Scenario 3: Inline styles passed via `InputAttributes` or `HtmlAttributes`**
@@ -220,21 +127,3 @@ If your application falls under any of the above scenarios, apply the following
```
> **Note:** The [wasm-unsafe-eval](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/script-src#unsafe_webassembly_execution) source expression is mandatory for Blazor WebAssembly and Blazor Web App applications. It enables the browser to compile and execute WebAssembly modules required by the Blazor Mono runtime. Without this directive, modern browsers will block WebAssembly execution, preventing the Blazor runtime from initializing correctly.
-
-#### Components Requiring CSP Relaxation
-
-| Category | Components
-|-----------------------------------|----------------------------------------------------------------------------|
-| **Charts & Advanced Visualizations** | Charts, 3D Charts, Stock Chart, BulletChart, Range Selector, Sankey,Sparkline Charts, Smith Chart, Diagram
-| **Editors and Kanban** | Block Editor , RichtextEditor Kanban |
-| **Interactive Chat** | Chat UI |
-| **File Management and Card** | File Manager, Card |
-
-
->**Important:** CSP compliance remains a key security priority. We are actively working toward achieving complete Strict CSP compatibility for all components, and updates will be provided incrementally through upcoming security patch releases.
-
-### Best Practices
-
- - Apply the strictest CSP policy feasible for your application
- - Avoid using 'unsafe-inline' unless explicitly required
- - Track Syncfusion® release notes for CSP-related improvements
diff --git a/blazor/gantt-chart/content-security-policy.md b/blazor/gantt-chart/content-security-policy.md
index c855175f94..3dfaf49c04 100644
--- a/blazor/gantt-chart/content-security-policy.md
+++ b/blazor/gantt-chart/content-security-policy.md
@@ -43,7 +43,7 @@ Use this configuration when the rich **Notes** field is not required or can be d
upgrade-insecure-requests;">
```
->This policy ensures full strict CSP compliance for the Gantt Chart's primary project management and visualization capabilities.
+
### Relaxed CSP Configuration (Full Feature Enabled)
@@ -61,9 +61,3 @@ Include 'unsafe-inline' in style-src to enable rich formatting in the Notes fiel
font-src 'self' data:;
upgrade-insecure-requests;">
```
-
-### Future Improvements
- - The security limitation related to the Notes field (Rich Text Editor formatting) will be addressed in future weekly security patch releases.
-
- - Syncfusion® is actively working toward full strict CSP compatibility across all features of the Gantt Chart component, with the goal of eliminating the need for **'unsafe-inline'** entirely.
-Track the latest **Syncfusion® Blazor release notes and weekly patches for CSP-related updates and announcements.
\ No newline at end of file
diff --git a/blazor/heatmap-chart/content-security-policy.md b/blazor/heatmap-chart/content-security-policy.md
index 4804f65520..2e7ca72b58 100644
--- a/blazor/heatmap-chart/content-security-policy.md
+++ b/blazor/heatmap-chart/content-security-policy.md
@@ -9,7 +9,7 @@ documentation: ug
# Heatmap Strict CSP Feature Limitations
-The Syncfusion® Blazor **Heatmap** component supports **strict CSP** for its core functionality, enabling most default operations—such as data binding (one-dimensional and two-dimensional), color mapping (palette, gradient, fixed), axis customization (labels, ticks, inversed, opposed), cell rendering, legends, tooltips, title/subtitle, border and cell spacing, RTL support, accessibility, keyboard navigation, and export (image/PDF)—without requiring `'unsafe-inline'` in the `style-src` directive.
+The Syncfusion® Blazor **Heatmap** component supports **strict CSP** for its core functionality, enabling most default operations—such as data binding (one-dimensional and two-dimensional), color mapping (palette, gradient, fixed), axis customization (labels, ticks, inversed, opposed), cell rendering, legends, tooltips, title/subtitle, border and cell spacing, RTL support, accessibility, keyboard navigation, and export (image/PDF) without requiring `'unsafe-inline'` in the `style-src` directive.
However, interactive selection features rely on dynamic runtime style manipulations (typically for applying selection borders, background changes, opacity adjustments, focus indicators, or overlay effects via inline styles managed by JavaScript), which are blocked under a fully strict CSP configuration.
@@ -47,7 +47,6 @@ Use this configuration when selection interactivity is not required (or can be d
font-src 'self' data:;
upgrade-insecure-requests;">
```
->This policy ensures full strict CSP compliance for the Heatmap component's primary data visualization and representation capabilities.
### Relaxed CSP Configuration (Full Feature Enabled)
@@ -64,11 +63,4 @@ Include 'unsafe-inline' in style-src to enable single and multiple cell selectio
font-src 'self' data:;
upgrade-insecure-requests;">
```
->Use this configuration only when single or multiple cell selection is essential for user interaction, drill-down, or data exploration workflows. This maintains strong overall protection while permitting the dynamic styling needed for selection feedback.
-
-### Future Improvements
- - The security limitation related to the Notes field (Rich Text Editor formatting) will be addressed in future weekly security patch releases.
-
- - Syncfusion® is actively working toward full strict CSP compatibility across all features of the Gantt Chart component, with the goal of eliminating the need for **'unsafe-inline'** entirely.
-
- - Track the latest **Syncfusion® Blazor release notes and weekly patches for CSP-related updates and announcements.
\ No newline at end of file
+> **Note:** Use this configuration only when single or multiple cell selection is essential for user interaction, drill-down, or data exploration workflows. This maintains strong overall protection while permitting the dynamic styling needed for selection feedback.
diff --git a/blazor/maps/content-security-policy.md b/blazor/maps/content-security-policy.md
index 10e5078280..f1cf271e00 100644
--- a/blazor/maps/content-security-policy.md
+++ b/blazor/maps/content-security-policy.md
@@ -27,13 +27,13 @@ The following features in the Maps component currently **require** `style-src 'u
- **Custom Highlight Features**
The following highlight/selection effects use dynamic inline styles to apply visual changes (e.g., border/color modifications, opacity shifts, scaling, or overlay rendering) at runtime:
- - **Bubble Highlight** — Dynamic emphasis on bubble elements (size/color changes on interaction).
- - **Marker Highlight** — Runtime styling for selected or hovered markers (e.g., glow, border, scale).
- - **Polygon Highlight** — Shape/polygon selection effects (fill/border updates).
- - **Navigation Highlight** — Highlighting navigation lines or paths (stroke changes, animations).
- - **Shape Highlight** — Base shape (region/country) selection or hover highlighting (color overrides, borders).
+ - **Bubble Highlight** - Dynamic emphasis on bubble elements (size/color changes on interaction).
+ - **Marker Highlight** - Runtime styling for selected or hovered markers (e.g., glow, border, scale).
+ - **Polygon Highlight** - Shape/polygon selection effects (fill/border updates).
+ - **Navigation Highlight** - Highlighting navigation lines or paths (stroke changes, animations).
+ - **Shape Highlight** - Base shape (region/country) selection or hover highlighting (color overrides, borders).
-> **Note:** Core features—including static shape rendering, data-bound color mapping, legends, tooltips, multiple layers, basic zooming/panning (without toolbar), annotations, and export (image/PDF)—operate fully under strict CSP without requiring `'unsafe-inline'`.
+> **Note:** Core features including static shape rendering, data-bound color mapping, legends, tooltips, multiple layers, basic zooming/panning (without toolbar), annotations, and export (image/PDF)—operate fully under strict CSP without requiring `'unsafe-inline'`.
## Recommended CSP Configurations
@@ -53,7 +53,7 @@ Use this configuration when the listed interactive/highlight features, OSM+toolb
font-src 'self' data:;
upgrade-insecure-requests;">
```
->This policy ensures full strict CSP compliance for the Maps component's primary geographic data visualization capabilities.
+
### Relaxed CSP Configuration (Full Feature Enabled)
Include 'unsafe-inline' in style-src to enable the restricted features (OSM with toolbar, click interactions, and all highlight customizations):
@@ -70,11 +70,4 @@ Include 'unsafe-inline' in style-src to enable the restricted features (OSM with
font-src 'self' data:;
upgrade-insecure-requests;">
```
->Use this configuration only when interactive highlights, OSM integration with toolbar, or click-based behaviors are essential to your application. This maintains strong overall protection while permitting the dynamic styling needed.
-
-### Future Improvements
- - The security limitation related to the Notes field (Rich Text Editor formatting) will be addressed in future weekly security patch releases.
-
- - Syncfusion® is actively working toward full strict CSP compatibility across all features of the Gantt Chart component, with the goal of eliminating the need for **'unsafe-inline'** entirely.
-
- - Track the latest **Syncfusion® Blazor release notes and weekly patches for CSP-related updates and announcements.
\ No newline at end of file
+> **Note:** Use above configuration only when interactive highlights, OSM integration with toolbar, or click-based behaviors are essential to your application. This maintains strong overall protection while permitting the dynamic styling needed.
diff --git a/blazor/pivot-table/content-security-policy.md b/blazor/pivot-table/content-security-policy.md
index 2a84b70e64..00ad02097e 100644
--- a/blazor/pivot-table/content-security-policy.md
+++ b/blazor/pivot-table/content-security-policy.md
@@ -47,7 +47,7 @@ Use this configuration when you can disable or avoid the limited features listed
upgrade-insecure-requests;">
```
-> This policy allows full strict CSP compliance for the Pivot Table's grid view and most non-visual features.
+
### Relaxed CSP Configuration (Full Feature Enabled)
Include 'unsafe-inline' in style-src to enable all features:
@@ -65,13 +65,4 @@ Include 'unsafe-inline' in style-src to enable all features:
```
-> Use this only when the restricted features (Pivot Chart, conditional formatting, etc.) are essential to your application. This relaxes the CSP slightly but still provides strong protection compared to broader unsafe directives.
-
-
-### Future Improvements
-
- - These security limitations for the listed features (Pivot Chart integration, conditional formatting, and related styling behaviors) will be addressed in **future weekly security patch releases**.
-
- - Syncfusion® is actively working toward full strict CSP compatibility across all features of the Pivot Table component, eliminating the need for 'unsafe-inline' entirely.
-
- - Track the latest Syncfusion® Blazor release notes and weekly patches for CSP-related updates and announcements.
\ No newline at end of file
+> **Note:** Use this only when the restricted features (Pivot Chart, conditional formatting, etc.) are essential to your application. This relaxes the CSP slightly but still provides strong protection compared to broader unsafe directives.
diff --git a/blazor/treeview/content-security-policy.md b/blazor/treeview/content-security-policy.md
index 943a3ea563..680ba113eb 100644
--- a/blazor/treeview/content-security-policy.md
+++ b/blazor/treeview/content-security-policy.md
@@ -9,9 +9,9 @@ documentation: ug
# TreeView Strict CSP Feature Limitations
-The Syncfusion® Blazor **TreeView** component supports **strict CSP** for its core functionality, enabling most default operations—such as hierarchical data binding, node selection, expansion/collapse, drag-and-drop, checkboxes, multi-selection, node editing, context menu integration, templates, icons/images, accessibility, keyboard navigation, and lazy loading—without requiring `'unsafe-inline'` in the `style-src` directive.
+The Syncfusion® Blazor **TreeView** component supports **strict CSP** for its core functionality, enabling most default operations such as hierarchical data binding, node selection, expansion/collapse, drag-and-drop, checkboxes, multi-selection, node editing, context menu integration, templates, icons/images, accessibility, keyboard navigation, and lazy loading without requiring `'unsafe-inline'` in the `style-src` directive.
-However, the **[virtualization](virtualization.md)** feature relies on dynamic runtime style manipulations (typically for precise positioning, sizing of virtualized containers, scroll calculations, and DOM recycling), which apply inline styles via JavaScript and are blocked under a fully strict CSP configuration.
+However, the **[virtualization](virtualization)** feature relies on dynamic runtime style manipulations (typically for precise positioning, sizing of virtualized containers, scroll calculations, and DOM recycling), which apply inline styles via JavaScript and are blocked under a fully strict CSP configuration.
This document details the specific feature that requires the `style-src 'unsafe-inline'` directive and provides recommended CSP configurations for different usage scenarios.
@@ -22,7 +22,8 @@ The following feature in the TreeView currently **requires** `style-src 'unsafe-
- **Virtualization**
UI virtualization (enabled via `EnableVirtualization="true"` with a fixed `Height`) optimizes performance for large hierarchical datasets by rendering only visible nodes and dynamically loading others on scroll. This involves runtime calculations for node positions, viewport management, and efficient DOM updates, which depend on applying dynamic inline styles for container sizing, offset positioning, and smooth scrolling behavior.
-> **Note:** All core TreeView features—including data binding (hierarchical and self-referential), node templates, custom rendering, drag-and-drop, editing, filtering, sorting (via integration), badges, context menu, RTL support, accessibility (ARIA/WCAG), keyboard navigation, lazy loading, and export capabilities—operate fully under strict CSP without requiring `'unsafe-inline'`.
+
+> **Note:** All core TreeView features including data binding (hierarchical and self-referential), node templates, custom rendering, drag-and-drop, editing, filtering, sorting (via integration), badges, context menu, RTL support, lazy loading, and export capabilities—operate fully under strict CSP without requiring `'unsafe-inline'`.
## Recommended CSP Configurations
@@ -43,8 +44,6 @@ Use this configuration when virtualization is not required (or can be disabled b
upgrade-insecure-requests;">
```
->This policy ensures full strict CSP compliance for the TreeView's primary hierarchical data display and interaction capabilities.
-
### Relaxed CSP Configuration (Full Feature Enabled)
Include **'unsafe-inline'** in **style-src** to enable the virtualization feature:
@@ -60,10 +59,4 @@ Include **'unsafe-inline'** in **style-src** to enable the virtualization featur
font-src 'self' data:;
upgrade-insecure-requests;">
```
->Use this configuration only when handling very large datasets requiring virtualization for optimal performance and memory efficiency. This maintains strong overall protection while allowing the dynamic styling needed for virtualization.
-
-### Future Improvements
-
- - Syncfusion® is working to remove the need for 'unsafe-inline' in TreeView virtualization, with the goal of eliminating the need for **'unsafe-inline'** entirely.
-
- - Track the latest **Syncfusion® Blazor release notes and weekly patches for CSP-related updates and announcements.
\ No newline at end of file
+> **Note:** Use this configuration only when handling very large datasets requiring virtualization for optimal performance and memory efficiency. This maintains strong overall protection while allowing the dynamic styling needed for virtualization.