You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description
-----------
This PR fixes the following things:
* Added the missing template methods to `Contao\Widget` (fixes#6722) by introducing a new `TemplateTrait` that contains all public member methods that are independent from the `Template` abstract class.
* Fixing that also revealed another issue: two of our (front end) templates use hard coded `style` attributes by default, which will cause a CSP violation. This is fixed by adding hashes for these inline styles.
_Note:_ for CSP Level 3 capable browsers this also requires the `unsafe-hashes` source to be present in the directive, otherwise CSP hashes do not work for inline style _attributes_.
_Note:_ many of our PHP front end templates also still have
```php
<?php if ($this->style): ?> style="<?= $this->style ?>"<?php endif; ?>
```
in them, but I deliberately disregarded those, as these are mostly there only for BC.
Commits
-------
9271c80 introduce TemplateTrait
157bea7 also add hash function to Twig runtime
6520ce7 Apply suggestions from code review
Affected version(s)
5.3
Description
The new CSP features seem to break form fields in the front end.
https://github.com/contao/contao/blob/5.x/core-bundle/contao/templates/forms/form_captcha.html5#L25
This is probably because widget templates do not extend from
Template
but fromWidget
.The text was updated successfully, but these errors were encountered: