This repository has been archived by the owner on May 29, 2019. It is now read-only.
Accordion: href="javascript:void(0);" Content Security Policy (CSP) Error #3904
PR #2869 introduced an empty href attribute to enable keyboard accessibility for toggling accordion groups. This introduced a page refresh issue which was fixed by #3299. The fix for this was introducing a no-op via javascript:void(0) to the href attribute. The result of this change is that it breaks CSP rules, such as in our use case where we've disabled all inline JavaScript execution. This needs an alternative workaround that doesn't rely on having an inline script for the empty href attribute.
Please see https://developer.mozilla.org/en-US/docs/Web/Security/CSP for a quick introduction to CSP.
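The following is an added example, not code from the issue or from the project. It lints template markup for the constructs a policy disallowing inline script blocks, and shows one CSP-compatible toggle handler. The function names `findInlineScriptSinks` and `makeToggleHandler` and the sample markup are assumptions made for illustration.

```javascript
// Added example: function names and sample markup are constructed for illustration.
const URL_ATTRS = ['href', 'src', 'action', 'formaction'];

// Heuristic lint over template markup (not a full HTML parser): report
// constructs that a policy disallowing inline script will block.
function findInlineScriptSinks(markup) {
  const findings = [];
  const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
  let m;
  while ((m = attrRe.exec(markup)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] !== undefined ? m[2] : m[3];
    // URL schemes are case-insensitive and browsers ignore surrounding
    // whitespace and embedded tabs/newlines, so normalize before comparing.
    const normalized = value.replace(/[\t\n\r]/g, '').trim().toLowerCase();
    if (URL_ATTRS.includes(name) && normalized.startsWith('javascript:')) {
      findings.push({ kind: 'javascript-url', attr: name, value });
    } else if (/^on[a-z]+$/.test(name)) {
      findings.push({ kind: 'inline-handler', attr: name, value });
    }
  }
  return findings;
}

// CSP-compatible alternative to the no-op URL: keep an href so the toggle stays
// keyboard-focusable, and cancel navigation in a handler bound from a script
// file, e.g. link.addEventListener('click', makeToggleHandler(group)).
function makeToggleHandler(group) {
  return function onToggle(event) {
    event.preventDefault(); // no navigation, so no page refresh
    group.isOpen = !group.isOpen;
  };
}

// Constructed accordion heading markup, before and after the change.
const BEFORE = '<a class="accordion-toggle" href="javascript:void(0);">Group 1</a>';
const AFTER = '<a class="accordion-toggle" href="">Group 1</a>';

console.log(findInlineScriptSinks(BEFORE)); // one javascript-url finding
console.log(findInlineScriptSinks(AFTER));  // no findings
```

Run over a template directory in CI, the same check catches a reintroduced `javascript:` URL before it reaches a deployment that enforces the policy.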