From 15ae0afe9823bc759b24e6d5c232d9f9215c88b5 Mon Sep 17 00:00:00 2001
From: MiBo <michal.boris27@gmail.com>
Date: Sun, 8 Feb 2026 18:27:34 +0100
Subject: [PATCH 1/6] feat(CSP): API to configure and use CSP Nonce

---
 packages/panels/src/Facades/Filament.php |  2 ++
 packages/panels/src/FilamentManager.php  | 15 +++++++++++++++
 packages/panels/src/helpers.php          |  7 +++++++
 3 files changed, 24 insertions(+)

diff --git a/packages/panels/src/Facades/Filament.php b/packages/panels/src/Facades/Filament.php
index c5b8171c737..89c92bd591c 100644
--- a/packages/panels/src/Facades/Filament.php
+++ b/packages/panels/src/Facades/Filament.php
@@ -165,6 +165,8 @@
  * @method static void setCurrentPanel(Panel | string | null $panel = null)
  * @method static void setServingStatus(bool $condition = true)
  * @method static void setTenant(Model | null $tenant = null, bool $isQuiet = false)
+ * @method static void setCspNonce(string|Closure|null $nonce)
+ * @method static string|null getCspNonce()
  *
  * @see FilamentManager
  */
diff --git a/packages/panels/src/FilamentManager.php b/packages/panels/src/FilamentManager.php
index cdc9b4e4110..0f49e82fe34 100644
--- a/packages/panels/src/FilamentManager.php
+++ b/packages/panels/src/FilamentManager.php
@@ -51,6 +51,8 @@ class FilamentManager
 
     protected ?Model $tenant = null;
 
+    protected string|Closure|null $cspNonce = null;
+
     public function auth(): Guard
     {
         return $this->getCurrentOrDefaultPanel()->auth();
@@ -1104,4 +1106,17 @@ public function getErrorNotifications(): array
     {
         return $this->getCurrentOrDefaultPanel()->getErrorNotifications();
     }
+
+    /**
+     * @param string|(\Closure(): string)|null $nonce
+     */
+    public function useCspNonce(string|Closure|null $nonce): void
+    {
+        $this->cspNonce = $nonce;
+    }
+
+    public function getCspNonce(): ?string
+    {
+        return value($this->cspNonce);
+    }
 }
diff --git a/packages/panels/src/helpers.php b/packages/panels/src/helpers.php
index ed1c1582bd1..23bac386ac9 100644
--- a/packages/panels/src/helpers.php
+++ b/packages/panels/src/helpers.php
@@ -95,3 +95,10 @@ function get_authorization_response(UnitEnum | string $action, Model | string $m
         return $response;
     }
 }
+
+if (!function_exists('Filament\csp_nonce')) {
+    function csp_nonce(): ?string
+    {
+        return Filament::getCspNonce();
+    }
+}

From ded54f1c2f94e6450a6482ab741063f5298bdff3 Mon Sep 17 00:00:00 2001
From: MiBo <michal.boris27@gmail.com>
Date: Sun, 8 Feb 2026 18:40:29 +0100
Subject: [PATCH 2/6] fix(CSP): CSP Nonce to each current HTML element

---
 .../views/database-notifications.blade.php         |  2 +-
 .../resources/views/notifications.blade.php        |  2 +-
 .../views/components/layout/base.blade.php         | 14 +++++++-------
 .../views/components/page/index.blade.php          |  6 +++---
 .../unsaved-action-changes-alert.blade.php         |  2 +-
 .../resources/views/livewire/sidebar.blade.php     |  2 +-
 packages/support/resources/views/assets.blade.php  |  4 ++--
 packages/support/src/Assets/Js.php                 |  5 +++++
 .../views/components/layouts/app.blade.php         |  2 +-
 9 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/packages/notifications/resources/views/database-notifications.blade.php b/packages/notifications/resources/views/database-notifications.blade.php
index 90642b38d68..3c7a4e65b74 100644
--- a/packages/notifications/resources/views/database-notifications.blade.php
+++ b/packages/notifications/resources/views/database-notifications.blade.php
@@ -85,7 +85,7 @@ class="fi-no-database"
 
             @if ($broadcastChannel = $this->getBroadcastChannel())
                 @script
-                    <script>
+                    <script nonce="{{ \Filament\csp_nonce() }}">
                         window.addEventListener('EchoLoaded', () => {
                             window.Echo.private(@js($broadcastChannel)).listen(
                                 '.database-notifications.sent',
diff --git a/packages/notifications/resources/views/notifications.blade.php b/packages/notifications/resources/views/notifications.blade.php
index 3eb25e7a0b2..da590665b09 100644
--- a/packages/notifications/resources/views/notifications.blade.php
+++ b/packages/notifications/resources/views/notifications.blade.php
@@ -19,7 +19,7 @@
 
     @if ($broadcastChannel = $this->getBroadcastChannel())
         @script
-            <script>
+            <script nonce="{{ \Filament\csp_nonce() }}">
                 window.addEventListener('EchoLoaded', () => {
                     window.Echo.private(@js($broadcastChannel)).notification(
                         (notification) => {
diff --git a/packages/panels/resources/views/components/layout/base.blade.php b/packages/panels/resources/views/components/layout/base.blade.php
index eb6a1bec4f6..409724b8f0d 100644
--- a/packages/panels/resources/views/components/layout/base.blade.php
+++ b/packages/panels/resources/views/components/layout/base.blade.php
@@ -39,7 +39,7 @@
 
         {{ \Filament\Support\Facades\FilamentView::renderHook(\Filament\View\PanelsRenderHook::STYLES_BEFORE, scopes: $renderHookScopes) }}
 
-        <style>
+        <style nonce="{{ \Filament\csp_nonce() }}">
             [x-cloak=''],
             [x-cloak='x-cloak'],
             [x-cloak='1'] {
@@ -73,7 +73,7 @@
         {{ filament()->getMonoFontHtml() }}
         {{ filament()->getSerifFontHtml() }}
 
-        <style>
+        <style nonce="{{ \Filament\csp_nonce() }}">
             :root {
                 --font-family: '{!! filament()->getFontFamily() !!}';
                 --mono-font-family: '{!! filament()->getMonoFontFamily() !!}';
@@ -89,15 +89,15 @@
         {{ \Filament\Support\Facades\FilamentView::renderHook(\Filament\View\PanelsRenderHook::STYLES_AFTER, scopes: $renderHookScopes) }}
 
         @if (! filament()->hasDarkMode())
-            <script>
+            <script nonce="{{ \Filament\csp_nonce() }}">
                 localStorage.setItem('theme', 'light')
             </script>
         @elseif (filament()->hasDarkModeForced())
-            <script>
+            <script nonce="{{ \Filament\csp_nonce() }}">
                 localStorage.setItem('theme', 'dark')
             </script>
         @else
-            <script>
+            <script nonce="{{ \Filament\csp_nonce() }}">
                 const loadDarkMode = () => {
                     window.theme = localStorage.getItem('theme') ?? @js(filament()->getDefaultThemeMode()->value)
 
@@ -141,7 +141,7 @@
         @filamentScripts(withCore: true)
 
         @if (filament()->hasBroadcasting() && config('filament.broadcasting.echo'))
-            <script data-navigate-once>
+            <script nonce="{{ \Filament\csp_nonce() }}" data-navigate-once>
                 window.Echo = new window.EchoFactory(@js(config('filament.broadcasting.echo')))
 
                 window.dispatchEvent(new CustomEvent('EchoLoaded'))
@@ -149,7 +149,7 @@
         @endif
 
         @if (filament()->hasDarkMode() && (! filament()->hasDarkModeForced()))
-            <script>
+            <script nonce="{{ \Filament\csp_nonce() }}">
                 loadDarkMode()
             </script>
         @endif
diff --git a/packages/panels/resources/views/components/page/index.blade.php b/packages/panels/resources/views/components/page/index.blade.php
index bd4119056f7..3714a2fab2b 100644
--- a/packages/panels/resources/views/components/page/index.blade.php
+++ b/packages/panels/resources/views/components/page/index.blade.php
@@ -150,7 +150,7 @@ class="fi-page-main-sub-navigation-mobile-menu-render-hook-ctn"
     @if (method_exists($this, 'hasUnsavedDataChangesAlert') && $this->hasUnsavedDataChangesAlert())
         @if (\Filament\Support\Facades\FilamentView::hasSpaMode())
             @script
-                <script>
+                <script nonce="{{ \Filament\csp_nonce() }}">
                     setUpSpaModeUnsavedDataChangesAlert({
                         body: @js(__('filament-panels::unsaved-changes-alert.body')),
                         resolveLivewireComponentUsing: () => @this,
@@ -160,7 +160,7 @@ class="fi-page-main-sub-navigation-mobile-menu-render-hook-ctn"
             @endscript
         @else
             @script
-                <script>
+                <script nonce="{{ \Filament\csp_nonce() }}">
                     setUpUnsavedDataChangesAlert({ $wire })
                 </script>
             @endscript
@@ -169,7 +169,7 @@ class="fi-page-main-sub-navigation-mobile-menu-render-hook-ctn"
 
     @if (! app()->hasDebugModeEnabled())
         @script
-            <script>
+            <script nonce="{{ \Filament\csp_nonce() }}">
                 window.filamentErrorNotifications = @js($this->hasErrorNotifications() ? $this->getErrorNotifications() : null)
             </script>
         @endscript
diff --git a/packages/panels/resources/views/components/unsaved-action-changes-alert.blade.php b/packages/panels/resources/views/components/unsaved-action-changes-alert.blade.php
index fde861e1b12..82b34a45405 100644
--- a/packages/panels/resources/views/components/unsaved-action-changes-alert.blade.php
+++ b/packages/panels/resources/views/components/unsaved-action-changes-alert.blade.php
@@ -1,6 +1,6 @@
 @if (filament()->hasUnsavedChangesAlerts())
     @script
-        <script>
+        <script nonce="{{ \Filament\csp_nonce() }}">
             setUpUnsavedActionChangesAlert({
                 resolveLivewireComponentUsing: () => @this,
                 $wire,
diff --git a/packages/panels/resources/views/livewire/sidebar.blade.php b/packages/panels/resources/views/livewire/sidebar.blade.php
index 51c04ed8765..5d5feaa1f9a 100644
--- a/packages/panels/resources/views/livewire/sidebar.blade.php
+++ b/packages/panels/resources/views/livewire/sidebar.blade.php
@@ -126,7 +126,7 @@ class="fi-sidebar-close-collapse-sidebar-btn"
                 @endforeach
             </ul>
 
-            <script>
+            <script nonce="{{ \Filament\csp_nonce() }}">
                 var collapsedGroups = JSON.parse(
                     localStorage.getItem('collapsedGroups'),
                 )
diff --git a/packages/support/resources/views/assets.blade.php b/packages/support/resources/views/assets.blade.php
index 11de77171e9..3c53eba5dcf 100644
--- a/packages/support/resources/views/assets.blade.php
+++ b/packages/support/resources/views/assets.blade.php
@@ -1,5 +1,5 @@
 @if (isset($data))
-    <script>
+    <script nonce="{{ \Filament\csp_nonce() }}">
         window.filamentData = @js($data)
     </script>
 @endif
@@ -10,7 +10,7 @@
     @endif
 @endforeach
 
-<style>
+<style nonce="{{ \Filament\csp_nonce() }}">
     :root {
         @foreach ($cssVariables ?? [] as $cssVariableName => $cssVariableValue) --{{ $cssVariableName }}:{{ $cssVariableValue }}; @endforeach
     }
diff --git a/packages/support/src/Assets/Js.php b/packages/support/src/Assets/Js.php
index adf6dde1914..eb3fbfabcb0 100644
--- a/packages/support/src/Assets/Js.php
+++ b/packages/support/src/Assets/Js.php
@@ -2,9 +2,11 @@
 
 namespace Filament\Support\Assets;
 
+use Filament\Facades\Filament;
 use Filament\Support\Facades\FilamentView;
 use Illuminate\Contracts\Support\Htmlable;
 use Illuminate\Support\HtmlString;
+use function Filament\csp_nonce;
 
 class Js extends Asset
 {
@@ -116,6 +118,8 @@ public function getHtml(): Htmlable
         $defer = $this->isDeferred() ? 'defer' : '';
         $module = $this->isModule() ? 'type="module"' : '';
         $extraAttributesHtml = $this->getExtraAttributesHtml();
+        $cspNonce = Filament::getCspNonce();
+        $cspNonce = $cspNonce === null || $cspNonce === '' ? '' : 'nonce="' . $cspNonce . '"';
 
         $hasSpaMode = FilamentView::hasSpaMode();
 
@@ -132,6 +136,7 @@ public function getHtml(): Htmlable
                 {$extraAttributesHtml}
                 {$navigateOnce}
                 {$navigateTrack}
+                {$cspNonce}
             ></script>
         ",
         );
diff --git a/packages/support/stubs/scaffolding/resources/views/components/layouts/app.blade.php b/packages/support/stubs/scaffolding/resources/views/components/layouts/app.blade.php
index 81d07b073b4..db6da6256d2 100644
--- a/packages/support/stubs/scaffolding/resources/views/components/layouts/app.blade.php
+++ b/packages/support/stubs/scaffolding/resources/views/components/layouts/app.blade.php
@@ -9,7 +9,7 @@
 
         <title>{{ config('app.name') }}</title>
 
-        <style>
+        <style nonce="{{ \Filament\csp_nonce() }}">
             [x-cloak] {
                 display: none !important;
             }

From e75bd27cab8728dbb772684c5b2dfd683069a609 Mon Sep 17 00:00:00 2001
From: MiBo <michal.boris27@gmail.com>
Date: Sun, 8 Feb 2026 19:30:59 +0100
Subject: [PATCH 3/6] fix(CSP): Style attribute to scoped elements w/ nonces

Ignoring x-bind:style
---
 .../views/components/modals.blade.php         |  5 +++-
 .../views/components/textarea.blade.php       |  5 +++-
 .../RichEditor/Actions/TextColorAction.php    | 27 ++++++++++++++-----
 .../src/Components/RepeatableEntry.php        | 12 ++++++---
 .../components/dropdown/list/item.blade.php   |  9 +++++--
 .../resources/views/chart-widget.blade.php    | 10 ++++++-
 6 files changed, 54 insertions(+), 14 deletions(-)

diff --git a/packages/actions/resources/views/components/modals.blade.php b/packages/actions/resources/views/components/modals.blade.php
index a125899a4d4..d2d20758be6 100644
--- a/packages/actions/resources/views/components/modals.blade.php
+++ b/packages/actions/resources/views/components/modals.blade.php
@@ -1,10 +1,13 @@
 @if ($this instanceof \Filament\Actions\Contracts\HasActions && (! $this->hasActionsModalRendered))
+    <style nonce="{{ \Filament\csp_nonce() }}" scoped>
+        .fi-internal-components-modals {height: 0;}
+    </style>
     <div
         wire:partial="action-modals"
         x-data="filamentActionModals({
                     livewireId: @js($this->getId()),
                 })"
-        style="height: 0"
+        class="fi-internal-components-modals"
     >
         @foreach ($this->getMountedActions() as $action)
             @if ((! $loop->last) || $this->mountedActionShouldOpenModal())
diff --git a/packages/forms/resources/views/components/textarea.blade.php b/packages/forms/resources/views/components/textarea.blade.php
index 39f3d7f6fac..174f4ea853d 100644
--- a/packages/forms/resources/views/components/textarea.blade.php
+++ b/packages/forms/resources/views/components/textarea.blade.php
@@ -28,7 +28,10 @@ class="fi-fo-textarea-wrp"
                 ])
         "
     >
-        <div wire:ignore.self style="height: '{{ $initialHeight . 'rem' }}'">
+        <style nonce="{{ \Filament\csp_nonce() }}" scoped>
+            .fi-internal-components-textarea {height: '{{ $initialHeight . 'rem' }}'; }
+        </style>
+        <div wire:ignore.self class="fi-internal-components-textarea">
             <textarea
                 x-load
                 x-load-src="{{ \Filament\Support\Facades\FilamentAsset::getAlpineComponentSrc('textarea', 'filament/forms') }}"
diff --git a/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php b/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
index 9eebcfd7580..b29e8f425e0 100644
--- a/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
+++ b/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
@@ -3,6 +3,7 @@
 namespace Filament\Forms\Components\RichEditor\Actions;
 
 use Filament\Actions\Action;
+use Filament\Facades\Filament;
 use Filament\Forms\Components\ColorPicker;
 use Filament\Forms\Components\RichEditor;
 use Filament\Forms\Components\RichEditor\EditorCommand;
@@ -10,6 +11,7 @@
 use Filament\Forms\Components\Select;
 use Filament\Support\Enums\Width;
 use Illuminate\Support\Arr;
+use Illuminate\Support\Str;
 
 class TextColorAction
 {
@@ -26,13 +28,26 @@ public static function make(): Action
             ->schema(function (RichEditor $component) {
                 $options = Arr::mapWithKeys(
                     $component->getTextColors(),
-                    fn (TextColor $color, string $name): array => [$name => <<<HTML
-                        <div class="fi-fo-rich-editor-text-color-select-option">
-                            <div class="fi-fo-rich-editor-text-color-select-option-preview" style="--color: {$color->getColor()}; --dark-color: {$color->getDarkColor()}"></div>
+                    function (TextColor $color, string $name): array {
+                        $uniqueClass = 'fi-unique-' . Str::random();
+                        $nonce       = Filament::getCspNonce();
 
-                            <div>{$color->getSafeLabelHtml()}</div>
-                        </div>
-                        HTML],
+                        return [
+                            $name => <<<HTML
+                                <div class="fi-fo-rich-editor-text-color-select-option">
+                                    <style nonce="{$nonce}" scoped>
+                                        .{$uniqueClass} {
+                                            --color: '{$color->getColor()}';
+                                            --dark-color: '{$color->getColor()}';
+                                        }
+                                    </style>
+                                    <div class="fi-fo-rich-editor-text-color-select-option-preview {$uniqueClass}" ></div>
+
+                                    <div>{$color->getSafeLabelHtml()}</div>
+                                </div>
+                            HTML
+                        ];
+                    },
                 );
 
                 return [
diff --git a/packages/infolists/src/Components/RepeatableEntry.php b/packages/infolists/src/Components/RepeatableEntry.php
index 205af102126..1c150b03642 100644
--- a/packages/infolists/src/Components/RepeatableEntry.php
+++ b/packages/infolists/src/Components/RepeatableEntry.php
@@ -15,6 +15,7 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Js;
+use function Filament\csp_nonce;
 
 class RepeatableEntry extends Entry implements HasEmbeddedView
 {
@@ -185,6 +186,13 @@ protected function toEmbeddedTableHtml(): string
 
         ob_start(); ?>
 
+        <style nonce="<?= csp_nonce() ?>" scoped>
+          <?php foreach (array_filter(array_unique(array_map(static fn ($column): string => $column->getWidth(), $tableColumns)), static fn (string $value) => trim($value) !== '') as $width) { ?>
+              <?= '.fi-internal-components-repeatable-' . $width ?> {
+                  width: <?= $width ?>;
+              }
+          <?php } ?>
+        </style>
         <div <?= $attributes->toHtml() ?>>
             <table>
                 <thead>
@@ -194,10 +202,8 @@ protected function toEmbeddedTableHtml(): string
                                 class="<?= Arr::toCssClasses([
                                     'fi-wrapped' => $column->canHeaderWrap(),
                                     (($columnAlignment = $column->getAlignment()) instanceof Alignment) ? ('fi-align-' . $columnAlignment->value) : $columnAlignment,
+                                    'fi-internal-components-repeatable-' . ($columnWidth = $column->getWidth()) => filled($columnWidth),
                                 ]) ?>"
-                                <?php if (filled($columnWidth = $column->getWidth())) { ?>
-                                    style="width: <?= $columnWidth ?>"
-                                <?php } ?>
                             >
                                 <?php if (! $column->isHeaderLabelHidden()) { ?>
                                     <?= e($column->getLabel()) ?>
diff --git a/packages/support/resources/views/components/dropdown/list/item.blade.php b/packages/support/resources/views/components/dropdown/list/item.blade.php
index 59e66c7fa94..743f535aa43 100644
--- a/packages/support/resources/views/components/dropdown/list/item.blade.php
+++ b/packages/support/resources/views/components/dropdown/list/item.blade.php
@@ -106,9 +106,14 @@
     @endif
 
     @if ($image)
+        @php($uniqueClass = 'fi-unique-' . \Illuminate\Support\Str::random())
+        <style nonce="{{ \Filament\csp_nonce() }}" scoped>
+            .{{ $uniqueClass }} {
+                background-image: url('{{ $image }}');
+            }
+        </style>
         <div
-            class="fi-dropdown-list-item-image"
-            style="background-image: url('{{ $image }}')"
+            class="fi-dropdown-list-item-image {{ $uniqueClass }}"
             @if ($hasLoadingIndicator)
                 wire:loading.remove.delay.{{ config('filament.livewire_loading_delay', 'default') }}
                 wire:target="{{ $loadingIndicatorTarget }}"
diff --git a/packages/widgets/resources/views/chart-widget.blade.php b/packages/widgets/resources/views/chart-widget.blade.php
index a12e7a4504d..f405a0bc007 100644
--- a/packages/widgets/resources/views/chart-widget.blade.php
+++ b/packages/widgets/resources/views/chart-widget.blade.php
@@ -91,10 +91,18 @@ class="fi-wi-chart-filter-content-actions-ctn"
                         ])
                 }}
             >
+                <style nonce="{{ \Filament\csp_nonce() }}" scoped>
+                    @if ($maxHeight)
+                        .fi-internal-views-chart-widget-{{ $maxHeight }} {
+                            max-height: {{ $maxHeight }};
+                        }
+                    @endif
+                </style>
+
                 <canvas
                     x-ref="canvas"
                     @if ($maxHeight)
-                        style="max-height: {{ $maxHeight }}"
+                        class="fi-internal-views-chart-widget-{{ $maxHeight }}"
                     @endif
                 ></canvas>
 

From a15ed542f8137ba87c8420a96a539126b43258d1 Mon Sep 17 00:00:00 2001
From: MiBo <michal.boris27@gmail.com>
Date: Sun, 8 Feb 2026 19:55:55 +0100
Subject: [PATCH 4/6] fix(StyleElem): Removed scoped attribute

---
 packages/actions/resources/views/components/modals.blade.php    | 2 +-
 packages/forms/resources/views/components/textarea.blade.php    | 2 +-
 .../forms/src/Components/RichEditor/Actions/TextColorAction.php | 2 +-
 packages/infolists/src/Components/RepeatableEntry.php           | 2 +-
 .../resources/views/components/dropdown/list/item.blade.php     | 2 +-
 packages/widgets/resources/views/chart-widget.blade.php         | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/packages/actions/resources/views/components/modals.blade.php b/packages/actions/resources/views/components/modals.blade.php
index d2d20758be6..c94b485e4e2 100644
--- a/packages/actions/resources/views/components/modals.blade.php
+++ b/packages/actions/resources/views/components/modals.blade.php
@@ -1,5 +1,5 @@
 @if ($this instanceof \Filament\Actions\Contracts\HasActions && (! $this->hasActionsModalRendered))
-    <style nonce="{{ \Filament\csp_nonce() }}" scoped>
+    <style nonce="{{ \Filament\csp_nonce() }}">
         .fi-internal-components-modals {height: 0;}
     </style>
     <div
diff --git a/packages/forms/resources/views/components/textarea.blade.php b/packages/forms/resources/views/components/textarea.blade.php
index 174f4ea853d..a3de237e119 100644
--- a/packages/forms/resources/views/components/textarea.blade.php
+++ b/packages/forms/resources/views/components/textarea.blade.php
@@ -28,7 +28,7 @@ class="fi-fo-textarea-wrp"
                 ])
         "
     >
-        <style nonce="{{ \Filament\csp_nonce() }}" scoped>
+        <style nonce="{{ \Filament\csp_nonce() }}">
             .fi-internal-components-textarea {height: '{{ $initialHeight . 'rem' }}'; }
         </style>
         <div wire:ignore.self class="fi-internal-components-textarea">
diff --git a/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php b/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
index b29e8f425e0..25e235cb4b9 100644
--- a/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
+++ b/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
@@ -35,7 +35,7 @@ function (TextColor $color, string $name): array {
                         return [
                             $name => <<<HTML
                                 <div class="fi-fo-rich-editor-text-color-select-option">
-                                    <style nonce="{$nonce}" scoped>
+                                    <style nonce="{$nonce}">
                                         .{$uniqueClass} {
                                             --color: '{$color->getColor()}';
                                             --dark-color: '{$color->getColor()}';
diff --git a/packages/infolists/src/Components/RepeatableEntry.php b/packages/infolists/src/Components/RepeatableEntry.php
index 1c150b03642..1f5ebc2d84e 100644
--- a/packages/infolists/src/Components/RepeatableEntry.php
+++ b/packages/infolists/src/Components/RepeatableEntry.php
@@ -186,7 +186,7 @@ protected function toEmbeddedTableHtml(): string
 
         ob_start(); ?>
 
-        <style nonce="<?= csp_nonce() ?>" scoped>
+        <style nonce="<?= csp_nonce() ?>">
           <?php foreach (array_filter(array_unique(array_map(static fn ($column): string => $column->getWidth(), $tableColumns)), static fn (string $value) => trim($value) !== '') as $width) { ?>
               <?= '.fi-internal-components-repeatable-' . $width ?> {
                   width: <?= $width ?>;
diff --git a/packages/support/resources/views/components/dropdown/list/item.blade.php b/packages/support/resources/views/components/dropdown/list/item.blade.php
index 743f535aa43..fa014bc6aeb 100644
--- a/packages/support/resources/views/components/dropdown/list/item.blade.php
+++ b/packages/support/resources/views/components/dropdown/list/item.blade.php
@@ -107,7 +107,7 @@
 
     @if ($image)
         @php($uniqueClass = 'fi-unique-' . \Illuminate\Support\Str::random())
-        <style nonce="{{ \Filament\csp_nonce() }}" scoped>
+        <style nonce="{{ \Filament\csp_nonce() }}">
             .{{ $uniqueClass }} {
                 background-image: url('{{ $image }}');
             }
diff --git a/packages/widgets/resources/views/chart-widget.blade.php b/packages/widgets/resources/views/chart-widget.blade.php
index f405a0bc007..40a885b5bc0 100644
--- a/packages/widgets/resources/views/chart-widget.blade.php
+++ b/packages/widgets/resources/views/chart-widget.blade.php
@@ -91,7 +91,7 @@ class="fi-wi-chart-filter-content-actions-ctn"
                         ])
                 }}
             >
-                <style nonce="{{ \Filament\csp_nonce() }}" scoped>
+                <style nonce="{{ \Filament\csp_nonce() }}">
                     @if ($maxHeight)
                         .fi-internal-views-chart-widget-{{ $maxHeight }} {
                             max-height: {{ $maxHeight }};

From 42cbac56b9fa7ca60f8ec7a57168bffa74454f46 Mon Sep 17 00:00:00 2001
From: MiBo <michal.boris27@gmail.com>
Date: Mon, 9 Feb 2026 09:43:42 +0100
Subject: [PATCH 5/6] Revert "Merge branch
 'dev/mibo/csp-part/simple-inlines-to-elems' into dev/mibo/csp"

This reverts commit fae3acb172190775d80da081a7d920d3606b8d6c, reversing
changes made to 5fce0279483baea39db0a919bcf5525cf6323e76.
---
 packages/actions/resources/views/components/modals.blade.php    | 2 +-
 packages/forms/resources/views/components/textarea.blade.php    | 2 +-
 .../forms/src/Components/RichEditor/Actions/TextColorAction.php | 2 +-
 packages/infolists/src/Components/RepeatableEntry.php           | 2 +-
 .../resources/views/components/dropdown/list/item.blade.php     | 2 +-
 packages/widgets/resources/views/chart-widget.blade.php         | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/packages/actions/resources/views/components/modals.blade.php b/packages/actions/resources/views/components/modals.blade.php
index c94b485e4e2..d2d20758be6 100644
--- a/packages/actions/resources/views/components/modals.blade.php
+++ b/packages/actions/resources/views/components/modals.blade.php
@@ -1,5 +1,5 @@
 @if ($this instanceof \Filament\Actions\Contracts\HasActions && (! $this->hasActionsModalRendered))
-    <style nonce="{{ \Filament\csp_nonce() }}">
+    <style nonce="{{ \Filament\csp_nonce() }}" scoped>
         .fi-internal-components-modals {height: 0;}
     </style>
     <div
diff --git a/packages/forms/resources/views/components/textarea.blade.php b/packages/forms/resources/views/components/textarea.blade.php
index a3de237e119..174f4ea853d 100644
--- a/packages/forms/resources/views/components/textarea.blade.php
+++ b/packages/forms/resources/views/components/textarea.blade.php
@@ -28,7 +28,7 @@ class="fi-fo-textarea-wrp"
                 ])
         "
     >
-        <style nonce="{{ \Filament\csp_nonce() }}">
+        <style nonce="{{ \Filament\csp_nonce() }}" scoped>
             .fi-internal-components-textarea {height: '{{ $initialHeight . 'rem' }}'; }
         </style>
         <div wire:ignore.self class="fi-internal-components-textarea">
diff --git a/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php b/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
index 25e235cb4b9..b29e8f425e0 100644
--- a/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
+++ b/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
@@ -35,7 +35,7 @@ function (TextColor $color, string $name): array {
                         return [
                             $name => <<<HTML
                                 <div class="fi-fo-rich-editor-text-color-select-option">
-                                    <style nonce="{$nonce}">
+                                    <style nonce="{$nonce}" scoped>
                                         .{$uniqueClass} {
                                             --color: '{$color->getColor()}';
                                             --dark-color: '{$color->getColor()}';
diff --git a/packages/infolists/src/Components/RepeatableEntry.php b/packages/infolists/src/Components/RepeatableEntry.php
index 1f5ebc2d84e..1c150b03642 100644
--- a/packages/infolists/src/Components/RepeatableEntry.php
+++ b/packages/infolists/src/Components/RepeatableEntry.php
@@ -186,7 +186,7 @@ protected function toEmbeddedTableHtml(): string
 
         ob_start(); ?>
 
-        <style nonce="<?= csp_nonce() ?>">
+        <style nonce="<?= csp_nonce() ?>" scoped>
           <?php foreach (array_filter(array_unique(array_map(static fn ($column): string => $column->getWidth(), $tableColumns)), static fn (string $value) => trim($value) !== '') as $width) { ?>
               <?= '.fi-internal-components-repeatable-' . $width ?> {
                   width: <?= $width ?>;
diff --git a/packages/support/resources/views/components/dropdown/list/item.blade.php b/packages/support/resources/views/components/dropdown/list/item.blade.php
index fa014bc6aeb..743f535aa43 100644
--- a/packages/support/resources/views/components/dropdown/list/item.blade.php
+++ b/packages/support/resources/views/components/dropdown/list/item.blade.php
@@ -107,7 +107,7 @@
 
     @if ($image)
         @php($uniqueClass = 'fi-unique-' . \Illuminate\Support\Str::random())
-        <style nonce="{{ \Filament\csp_nonce() }}">
+        <style nonce="{{ \Filament\csp_nonce() }}" scoped>
             .{{ $uniqueClass }} {
                 background-image: url('{{ $image }}');
             }
diff --git a/packages/widgets/resources/views/chart-widget.blade.php b/packages/widgets/resources/views/chart-widget.blade.php
index 40a885b5bc0..f405a0bc007 100644
--- a/packages/widgets/resources/views/chart-widget.blade.php
+++ b/packages/widgets/resources/views/chart-widget.blade.php
@@ -91,7 +91,7 @@ class="fi-wi-chart-filter-content-actions-ctn"
                         ])
                 }}
             >
-                <style nonce="{{ \Filament\csp_nonce() }}">
+                <style nonce="{{ \Filament\csp_nonce() }}" scoped>
                     @if ($maxHeight)
                         .fi-internal-views-chart-widget-{{ $maxHeight }} {
                             max-height: {{ $maxHeight }};

From 9b67c806ef9897473a43cdeeff67d2aa6e88b6a8 Mon Sep 17 00:00:00 2001
From: MiBo <michal.boris27@gmail.com>
Date: Mon, 9 Feb 2026 09:44:10 +0100
Subject: [PATCH 6/6] Revert "Merge branch
 'dev/mibo/csp-part/simple-inlines-to-elems' into dev/mibo/csp"

This reverts commit 5fce0279483baea39db0a919bcf5525cf6323e76, reversing
changes made to 6084a073dfe1340ef1a4bc067d97326ccf6c825c.
---
 .../views/components/modals.blade.php         |  5 +---
 .../views/components/textarea.blade.php       |  5 +---
 .../RichEditor/Actions/TextColorAction.php    | 27 +++++--------------
 .../src/Components/RepeatableEntry.php        | 12 +++------
 .../components/dropdown/list/item.blade.php   |  9 ++-----
 .../resources/views/chart-widget.blade.php    | 10 +------
 6 files changed, 14 insertions(+), 54 deletions(-)

diff --git a/packages/actions/resources/views/components/modals.blade.php b/packages/actions/resources/views/components/modals.blade.php
index d2d20758be6..a125899a4d4 100644
--- a/packages/actions/resources/views/components/modals.blade.php
+++ b/packages/actions/resources/views/components/modals.blade.php
@@ -1,13 +1,10 @@
 @if ($this instanceof \Filament\Actions\Contracts\HasActions && (! $this->hasActionsModalRendered))
-    <style nonce="{{ \Filament\csp_nonce() }}" scoped>
-        .fi-internal-components-modals {height: 0;}
-    </style>
     <div
         wire:partial="action-modals"
         x-data="filamentActionModals({
                     livewireId: @js($this->getId()),
                 })"
-        class="fi-internal-components-modals"
+        style="height: 0"
     >
         @foreach ($this->getMountedActions() as $action)
             @if ((! $loop->last) || $this->mountedActionShouldOpenModal())
diff --git a/packages/forms/resources/views/components/textarea.blade.php b/packages/forms/resources/views/components/textarea.blade.php
index 174f4ea853d..39f3d7f6fac 100644
--- a/packages/forms/resources/views/components/textarea.blade.php
+++ b/packages/forms/resources/views/components/textarea.blade.php
@@ -28,10 +28,7 @@ class="fi-fo-textarea-wrp"
                 ])
         "
     >
-        <style nonce="{{ \Filament\csp_nonce() }}" scoped>
-            .fi-internal-components-textarea {height: '{{ $initialHeight . 'rem' }}'; }
-        </style>
-        <div wire:ignore.self class="fi-internal-components-textarea">
+        <div wire:ignore.self style="height: '{{ $initialHeight . 'rem' }}'">
             <textarea
                 x-load
                 x-load-src="{{ \Filament\Support\Facades\FilamentAsset::getAlpineComponentSrc('textarea', 'filament/forms') }}"
diff --git a/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php b/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
index b29e8f425e0..9eebcfd7580 100644
--- a/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
+++ b/packages/forms/src/Components/RichEditor/Actions/TextColorAction.php
@@ -3,7 +3,6 @@
 namespace Filament\Forms\Components\RichEditor\Actions;
 
 use Filament\Actions\Action;
-use Filament\Facades\Filament;
 use Filament\Forms\Components\ColorPicker;
 use Filament\Forms\Components\RichEditor;
 use Filament\Forms\Components\RichEditor\EditorCommand;
@@ -11,7 +10,6 @@
 use Filament\Forms\Components\Select;
 use Filament\Support\Enums\Width;
 use Illuminate\Support\Arr;
-use Illuminate\Support\Str;
 
 class TextColorAction
 {
@@ -28,26 +26,13 @@ public static function make(): Action
             ->schema(function (RichEditor $component) {
                 $options = Arr::mapWithKeys(
                     $component->getTextColors(),
-                    function (TextColor $color, string $name): array {
-                        $uniqueClass = 'fi-unique-' . Str::random();
-                        $nonce       = Filament::getCspNonce();
+                    fn (TextColor $color, string $name): array => [$name => <<<HTML
+                        <div class="fi-fo-rich-editor-text-color-select-option">
+                            <div class="fi-fo-rich-editor-text-color-select-option-preview" style="--color: {$color->getColor()}; --dark-color: {$color->getDarkColor()}"></div>
 
-                        return [
-                            $name => <<<HTML
-                                <div class="fi-fo-rich-editor-text-color-select-option">
-                                    <style nonce="{$nonce}" scoped>
-                                        .{$uniqueClass} {
-                                            --color: '{$color->getColor()}';
-                                            --dark-color: '{$color->getColor()}';
-                                        }
-                                    </style>
-                                    <div class="fi-fo-rich-editor-text-color-select-option-preview {$uniqueClass}" ></div>
-
-                                    <div>{$color->getSafeLabelHtml()}</div>
-                                </div>
-                            HTML
-                        ];
-                    },
+                            <div>{$color->getSafeLabelHtml()}</div>
+                        </div>
+                        HTML],
                 );
 
                 return [
diff --git a/packages/infolists/src/Components/RepeatableEntry.php b/packages/infolists/src/Components/RepeatableEntry.php
index 1c150b03642..205af102126 100644
--- a/packages/infolists/src/Components/RepeatableEntry.php
+++ b/packages/infolists/src/Components/RepeatableEntry.php
@@ -15,7 +15,6 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Js;
-use function Filament\csp_nonce;
 
 class RepeatableEntry extends Entry implements HasEmbeddedView
 {
@@ -186,13 +185,6 @@ protected function toEmbeddedTableHtml(): string
 
         ob_start(); ?>
 
-        <style nonce="<?= csp_nonce() ?>" scoped>
-          <?php foreach (array_filter(array_unique(array_map(static fn ($column): string => $column->getWidth(), $tableColumns)), static fn (string $value) => trim($value) !== '') as $width) { ?>
-              <?= '.fi-internal-components-repeatable-' . $width ?> {
-                  width: <?= $width ?>;
-              }
-          <?php } ?>
-        </style>
         <div <?= $attributes->toHtml() ?>>
             <table>
                 <thead>
@@ -202,8 +194,10 @@ protected function toEmbeddedTableHtml(): string
                                 class="<?= Arr::toCssClasses([
                                     'fi-wrapped' => $column->canHeaderWrap(),
                                     (($columnAlignment = $column->getAlignment()) instanceof Alignment) ? ('fi-align-' . $columnAlignment->value) : $columnAlignment,
-                                    'fi-internal-components-repeatable-' . ($columnWidth = $column->getWidth()) => filled($columnWidth),
                                 ]) ?>"
+                                <?php if (filled($columnWidth = $column->getWidth())) { ?>
+                                    style="width: <?= $columnWidth ?>"
+                                <?php } ?>
                             >
                                 <?php if (! $column->isHeaderLabelHidden()) { ?>
                                     <?= e($column->getLabel()) ?>
diff --git a/packages/support/resources/views/components/dropdown/list/item.blade.php b/packages/support/resources/views/components/dropdown/list/item.blade.php
index 743f535aa43..59e66c7fa94 100644
--- a/packages/support/resources/views/components/dropdown/list/item.blade.php
+++ b/packages/support/resources/views/components/dropdown/list/item.blade.php
@@ -106,14 +106,9 @@
     @endif
 
     @if ($image)
-        @php($uniqueClass = 'fi-unique-' . \Illuminate\Support\Str::random())
-        <style nonce="{{ \Filament\csp_nonce() }}" scoped>
-            .{{ $uniqueClass }} {
-                background-image: url('{{ $image }}');
-            }
-        </style>
         <div
-            class="fi-dropdown-list-item-image {{ $uniqueClass }}"
+            class="fi-dropdown-list-item-image"
+            style="background-image: url('{{ $image }}')"
             @if ($hasLoadingIndicator)
                 wire:loading.remove.delay.{{ config('filament.livewire_loading_delay', 'default') }}
                 wire:target="{{ $loadingIndicatorTarget }}"
diff --git a/packages/widgets/resources/views/chart-widget.blade.php b/packages/widgets/resources/views/chart-widget.blade.php
index f405a0bc007..a12e7a4504d 100644
--- a/packages/widgets/resources/views/chart-widget.blade.php
+++ b/packages/widgets/resources/views/chart-widget.blade.php
@@ -91,18 +91,10 @@ class="fi-wi-chart-filter-content-actions-ctn"
                         ])
                 }}
             >
-                <style nonce="{{ \Filament\csp_nonce() }}" scoped>
-                    @if ($maxHeight)
-                        .fi-internal-views-chart-widget-{{ $maxHeight }} {
-                            max-height: {{ $maxHeight }};
-                        }
-                    @endif
-                </style>
-
                 <canvas
                     x-ref="canvas"
                     @if ($maxHeight)
-                        class="fi-internal-views-chart-widget-{{ $maxHeight }}"
+                        style="max-height: {{ $maxHeight }}"
                     @endif
                 ></canvas>