Help script "nonce" attribute is considered like boolean and is not getting it's value

I’ve been using Phoenix 1.7 and try to put a value “nonce” in an script tag, but no matter what value you put the output in HEEx will be a simple presence of the attribute, and not the string value.

<script nonce="desire_value"></script>

HEEx will generate just:

<script nonce> </script>

Like if “nonce” were a simple boolean attribute but it is not.

Any help ?


Even live_dashboard library is not working because the tag is rendered without “nonce” value.

live_dashboard("/dashboard", metrics: MyWeb.Telemetry, csp_nonce_assign_key: :csp_nonce_value)

Will render:

<script nonce>

"use strict";

(function() {
  var PolyfillEvent = eventConstructor();


And will not work with csp policy.

Ok forget it is browser capability

Have you tried using raw/1?

script nonce=<%= raw(“string literal”) %>>

Thanks for your answer, but actually it was my mistake. The nonce attribute were rendered correctly, but the web browser’s hides their values intentionally, with a simple curl or wget, the nonce is rendered and working ok!

1 Like