Products

Documentation keyboard_arrow_right Security

CSP Compliance

Jspreadsheet supports Content Security Policy (CSP) without requiring unsafe-inline or unsafe-eval.

Requirements

  • Use Formula Pro extension for secure formula execution
  • Pass a nonce property for dynamic styles
  • Include required CDN domains in your CSP policy

Example

<head>
    <meta charset="utf-8">

    <!-- Content Security Policy (example) -->
    <meta http-equiv="Content-Security-Policy" content="
        default-src 'self';
        object-src 'none';
        script-src 'self' https://cdn.jsdelivr.net;
        style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net 'nonce-704a9427-e2f5-41e1-ba92-f99256b9638d';
        font-src https://fonts.gstatic.com;
        img-src 'self' data:;">

    <title>Jspreadsheet</title>
    <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/jspreadsheet@12/dist/jspreadsheet.min.css" />
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/jsuites@5/dist/jsuites.min.css" />
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@lemonadejs/studio@5/dist/style.min.css" />

    <script src="https://cdn.jsdelivr.net/npm/jspreadsheet@12/dist/index.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/jsuites@5/dist/jsuites.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/lemonadejs@5/dist/lemonade.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/@lemonadejs/studio@5/dist/index.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/@jspreadsheet/validations/dist/index.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/@jspreadsheet/formula-pro@5/dist/index.min.js"></script>
</head>
<body>
<div id="root"></div>

<script src="./csp.js"></script>
</body>

JavaScript

// Set your JSS license key (The following key only works for one day)
jspreadsheet.setLicense('NzEzZDhlNzhjNmY4YmNlOWJhMjliYzU3MGNjNDQyZGI3YWY5NDU0YTZhZjRkZGY4YjNmZTUyYWY0MTFkMWI3M2VmMjE2NDZjMmUxNWQ3MWNlZWU3OTZmY2VlNGE5NDI1MjRmZTQ0ZjNmNmVhMDU4NGI3ZjNiNzg3YTQ3NzdlZjAsZXlKamJHbGxiblJKWkNJNklpSXNJbTVoYldVaU9pSktjM0J5WldGa2MyaGxaWFFpTENKa1lYUmxJam94TnpVNU56azJNelUwTENKa2IyMWhhVzRpT2xzaWFuTndjbVZoWkhOb1pXVjBMbU52YlNJc0ltTnZaR1Z6WVc1a1ltOTRMbWx2SWl3aWFuTm9aV3hzTG01bGRDSXNJbU56WWk1aGNIQWlMQ0p6ZEdGamEySnNhWFI2TG1sdklpd2lkMlZpWTI5dWRHRnBibVZ5TG1sdklpd2lkMlZpSWl3aWJHOWpZV3hvYjNOMElsMHNJbkJzWVc0aU9pSXpOQ0lzSW5OamIzQmxJanBiSW5ZM0lpd2lkamdpTENKMk9TSXNJbll4TUNJc0luWXhNU0lzSW1Ob1lYSjBjeUlzSW1admNtMXpJaXdpWm05eWJYVnNZU0lzSW5CaGNuTmxjaUlzSW5KbGJtUmxjaUlzSW1OdmJXMWxiblJ6SWl3aWFXMXdiM0owWlhJaUxDSmlZWElpTENKMllXeHBaR0YwYVc5dWN5SXNJbk5sWVhKamFDSXNJbkJ5YVc1MElpd2ljMmhsWlhSeklpd2lZMnhwWlc1MElpd2ljMlZ5ZG1WeUlpd2ljMmhoY0dWeklpd2labTl5YldGMElsMHNJbVJsYlc4aU9uUnlkV1Y5');
// Load the extensions
jspreadsheet.setExtensions({ validations, formula });

jspreadsheet(document.getElementById('root'), {
    nonce: '704a9427-e2f5-41e1-ba92-f99256b9638d',
    toolbar: true,
    tabs: true,
    worksheets: [{
        data: [
            [10,"=A1*2"],
            [20,"=A2*2"],
            [30,"=A3*2"],
        ],
        minDimensions: [6, 6],
    }],
    validations: [{
        range: 'Sheet1!A1:A3',
        action: "warning",
        criteria: "between",
        type: "number",
        value: [10, 30],
    }]
});

Framework Examples

import React, { useRef } from "react";
import { Spreadsheet, Worksheet, jspreadsheet } from "@jspreadsheet/react";
import validations from "@jspreadsheet/validations";
import formula from "@jspreadsheet/formula-pro";
import "jsuites/dist/jsuites.css";
import "jspreadsheet/dist/jspreadsheet.css";

// Set your JSS license key (The following key only works for one day)
jspreadsheet.setLicense('NzEzZDhlNzhjNmY4YmNlOWJhMjliYzU3MGNjNDQyZGI3YWY5NDU0YTZhZjRkZGY4YjNmZTUyYWY0MTFkMWI3M2VmMjE2NDZjMmUxNWQ3MWNlZWU3OTZmY2VlNGE5NDI1MjRmZTQ0ZjNmNmVhMDU4NGI3ZjNiNzg3YTQ3NzdlZjAsZXlKamJHbGxiblJKWkNJNklpSXNJbTVoYldVaU9pSktjM0J5WldGa2MyaGxaWFFpTENKa1lYUmxJam94TnpVNU56azJNelUwTENKa2IyMWhhVzRpT2xzaWFuTndjbVZoWkhOb1pXVjBMbU52YlNJc0ltTnZaR1Z6WVc1a1ltOTRMbWx2SWl3aWFuTm9aV3hzTG01bGRDSXNJbU56WWk1aGNIQWlMQ0p6ZEdGamEySnNhWFI2TG1sdklpd2lkMlZpWTI5dWRHRnBibVZ5TG1sdklpd2lkMlZpSWl3aWJHOWpZV3hvYjNOMElsMHNJbkJzWVc0aU9pSXpOQ0lzSW5OamIzQmxJanBiSW5ZM0lpd2lkamdpTENKMk9TSXNJbll4TUNJc0luWXhNU0lzSW1Ob1lYSjBjeUlzSW1admNtMXpJaXdpWm05eWJYVnNZU0lzSW5CaGNuTmxjaUlzSW5KbGJtUmxjaUlzSW1OdmJXMWxiblJ6SWl3aWFXMXdiM0owWlhJaUxDSmlZWElpTENKMllXeHBaR0YwYVc5dWN5SXNJbk5sWVhKamFDSXNJbkJ5YVc1MElpd2ljMmhsWlhSeklpd2lZMnhwWlc1MElpd2ljMlZ5ZG1WeUlpd2ljMmhoY0dWeklpd2labTl5YldGMElsMHNJbVJsYlc4aU9uUnlkV1Y5');

// Load the extensions
jspreadsheet.setExtensions({ validations, formula });

export default function App() {
    // Data
    const data = [
        [10, "=A1*2"],
        [20, "=A2*2"],
        [30, "=A3*2"],
    ];

    // Validations
    const validations = [{
        range: 'Sheet1!A1:A3',
        action: "warning",
        criteria: "between",
        type: "number",
        value: [10, 30],
    }];

    // Render component
    return (
        <Spreadsheet
            nonce="704a9427-e2f5-41e1-ba92-f99256b9638d"
            toolbar={true}
            tabs={true}
            validations={validations}
        >
            <Worksheet data={data} minDimensions={[6, 6]} />
        </Spreadsheet>
    );
}

<template>
  <Spreadsheet
    :nonce="nonce"
    :toolbar="true"
    :tabs="true"
    :validations="validations"
  >
    <Worksheet :data="data" :minDimensions="[6, 6]" />
  </Spreadsheet>
</template>

<script>
import { Spreadsheet, Worksheet, jspreadsheet } from "@jspreadsheet/vue";
import validations from "@jspreadsheet/validations";
import formula from "@jspreadsheet/formula-pro";
import "jsuites/dist/jsuites.css";
import "jspreadsheet/dist/jspreadsheet.css";

// Set your JSS license key (The following key only works for one day)
jspreadsheet.setLicense('NzEzZDhlNzhjNmY4YmNlOWJhMjliYzU3MGNjNDQyZGI3YWY5NDU0YTZhZjRkZGY4YjNmZTUyYWY0MTFkMWI3M2VmMjE2NDZjMmUxNWQ3MWNlZWU3OTZmY2VlNGE5NDI1MjRmZTQ0ZjNmNmVhMDU4NGI3ZjNiNzg3YTQ3NzdlZjAsZXlKamJHbGxiblJKWkNJNklpSXNJbTVoYldVaU9pSktjM0J5WldGa2MyaGxaWFFpTENKa1lYUmxJam94TnpVNU56azJNelUwTENKa2IyMWhhVzRpT2xzaWFuTndjbVZoWkhOb1pXVjBMbU52YlNJc0ltTnZaR1Z6WVc1a1ltOTRMbWx2SWl3aWFuTm9aV3hzTG01bGRDSXNJbU56WWk1aGNIQWlMQ0p6ZEdGamEySnNhWFI2TG1sdklpd2lkMlZpWTI5dWRHRnBibVZ5TG1sdklpd2lkMlZpSWl3aWJHOWpZV3hvYjNOMElsMHNJbkJzWVc0aU9pSXpOQ0lzSW5OamIzQmxJanBiSW5ZM0lpd2lkamdpTENKMk9TSXNJbll4TUNJc0luWXhNU0lzSW1Ob1lYSjBjeUlzSW1admNtMXpJaXdpWm05eWJYVnNZU0lzSW5CaGNuTmxjaUlzSW5KbGJtUmxjaUlzSW1OdmJXMWxiblJ6SWl3aWFXMXdiM0owWlhJaUxDSmlZWElpTENKMllXeHBaR0YwYVc5dWN5SXNJbk5sWVhKamFDSXNJbkJ5YVc1MElpd2ljMmhsWlhSeklpd2lZMnhwWlc1MElpd2ljMlZ5ZG1WeUlpd2ljMmhoY0dWeklpd2labTl5YldGMElsMHNJbVJsYlc4aU9uUnlkV1Y5');

// Load the extensions
jspreadsheet.setExtensions({ validations, formula });

export default {
    components: {
        Spreadsheet,
        Worksheet,
    },
    data() {
        const data = [
            [10, "=A1*2"],
            [20, "=A2*2"],
            [30, "=A3*2"],
        ];

        const validations = [{
            range: 'Sheet1!A1:A3',
            action: "warning",
            criteria: "between",
            type: "number",
            value: [10, 30],
        }];

        const nonce = "704a9427-e2f5-41e1-ba92-f99256b9638d";

        return {
            data,
            validations,
            nonce,
        };
    }
}
</script>

import { Component, ViewChild, ElementRef } from "@angular/core";
import jspreadsheet from "jspreadsheet";
import validations from "@jspreadsheet/validations";
import formula from "@jspreadsheet/formula-pro";
import "jsuites/dist/jsuites.css";
import "jspreadsheet/dist/jspreadsheet.css";

// Set your JSS license key (The following key only works for one day)
jspreadsheet.setLicense('NzEzZDhlNzhjNmY4YmNlOWJhMjliYzU3MGNjNDQyZGI3YWY5NDU0YTZhZjRkZGY4YjNmZTUyYWY0MTFkMWI3M2VmMjE2NDZjMmUxNWQ3MWNlZWU3OTZmY2VlNGE5NDI1MjRmZTQ0ZjNmNmVhMDU4NGI3ZjNiNzg3YTQ3NzdlZjAsZXlKamJHbGxiblJKWkNJNklpSXNJbTVoYldVaU9pSktjM0J5WldGa2MyaGxaWFFpTENKa1lYUmxJam94TnpVNU56azJNelUwTENKa2IyMWhhVzRpT2xzaWFuTndjbVZoWkhOb1pXVjBMbU52YlNJc0ltTnZaR1Z6WVc1a1ltOTRMbWx2SWl3aWFuTm9aV3hzTG01bGRDSXNJbU56WWk1aGNIQWlMQ0p6ZEdGamEySnNhWFI2TG1sdklpd2lkMlZpWTI5dWRHRnBibVZ5TG1sdklpd2lkMlZpSWl3aWJHOWpZV3hvYjNOMElsMHNJbkJzWVc0aU9pSXpOQ0lzSW5OamIzQmxJanBiSW5ZM0lpd2lkamdpTENKMk9TSXNJbll4TUNJc0luWXhNU0lzSW1Ob1lYSjBjeUlzSW1admNtMXpJaXdpWm05eWJYVnNZU0lzSW5CaGNuTmxjaUlzSW5KbGJtUmxjaUlzSW1OdmJXMWxiblJ6SWl3aWFXMXdiM0owWlhJaUxDSmlZWElpTENKMllXeHBaR0YwYVc5dWN5SXNJbk5sWVhKamFDSXNJbkJ5YVc1MElpd2ljMmhsWlhSeklpd2lZMnhwWlc1MElpd2ljMlZ5ZG1WeUlpd2ljMmhoY0dWeklpd2labTl5YldGMElsMHNJbVJsYlc4aU9uUnlkV1Y5');

// Load the extensions
jspreadsheet.setExtensions({ validations, formula });

@Component({
    standalone: true,
    selector: "app-root",
    template: `<div #spreadsheet></div>`
})
export class AppComponent {
    @ViewChild("spreadsheet") spreadsheet: ElementRef;
    // Worksheets
    worksheets: jspreadsheet.worksheetInstance[];

    // Create a new data grid
    ngAfterViewInit() {
        // Create spreadsheet
        this.worksheets = jspreadsheet(this.spreadsheet.nativeElement, {
            nonce: '704a9427-e2f5-41e1-ba92-f99256b9638d',
            toolbar: true,
            tabs: true,
            worksheets: [{
                data: [
                    [10, "=A1*2"],
                    [20, "=A2*2"],
                    [30, "=A3*2"],
                ],
                minDimensions: [6, 6],
            }],
            validations: [{
                range: 'Sheet1!A1:A3',
                action: "warning",
                criteria: "between",
                type: "number",
                value: [10, 30],
            }]
        });
    }
}

Notes

  • Generate unique nonce values for each request
  • Never hard-code nonce values in production
  • Use Formula Pro extension to avoid unsafe-eval

Edit this page on GitHub