目前格式:HTML/XML
<script type="text/javascript"
th:inline="javascript"
layout:fragment="contentScript"
th:object="${@sessionAccessor.user}"
th:attr="nonce=${cspNonce}">
/*<![CDATA[*/
// 這裡就是允許的 inline script
const user = /*[[${@sessionAccessor.user}]]*/ null;
console.log('CSP nonce ok:', /*[[${cspNonce}]]*/ '');
/*]]>*/
</script>
PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiCgogICAgICAgIHRoOmlubGluZT0iamF2YXNjcmlwdCIKCiAgICAgICAgbGF5b3V0OmZyYWdtZW50PSJjb250ZW50U2NyaXB0IgoKICAgICAgICB0aDpvYmplY3Q9IiR7QHNlc3Npb25BY2Nlc3Nvci51c2VyfSIKCiAgICAgICAgdGg6YXR0cj0ibm9uY2U9JHtjc3BOb25jZX0iPgoKLyo8IVtDREFUQVsqLwoKICAgIC8vIOmAmeijoeWwseaYr+WFgeioseeahCBpbmxpbmUgc2NyaXB0CgogICAgY29uc3QgdXNlciA9IC8qW1ske0BzZXNzaW9uQWNjZXNzb3IudXNlcn1dXSovIG51bGw7CgogICAgY29uc29sZS5sb2coJ0NTUCBub25jZSBvazonLCAvKltbJHtjc3BOb25jZX1dXSovICcnKTsKCi8qXV0+Ki8KCjwvc2NyaXB0Pgo=