Just in case you'll get:
Invalid template:'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dc:creator>${creator}</dc:creator><cp:lastModifiedBy>${lastModifiedBy}</cp:lastModifiedBy><dcterms:created xsi:type="dcterms:W3CDTF">${created}</dcterms:created><dcterms:modified xsi:type="dcterms:W3CDTF">${modified}</dcterms:modified></cp:coreProperties>' Generated code:'var $kendoOutput, $kendoHtmlEncode = kendo.htmlEncode;with(data){$kendoOutput='<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r\n<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dc:creator>'+($kendoHtmlEncode(creator))+'</dc:creator><cp:lastModifiedBy>'+($kendoHtmlEncode(lastModifiedBy))+'</cp:lastModifiedBy><dcterms:created xsi:type="dcterms:W3CDTF">'+($kendoHtmlEncode(created))+'</dcterms:created><dcterms:modified xsi:type="dcterms:W3CDTF">'+($kendoHtmlEncode(modified))+'</dcterms:modified></cp:coreProperties>';}return $kendoOutput;'
With firefox I got the message 'Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).'
So in your policy add 'unsave-eval' to the script-src.
Cheers,
L