Introduce TemplateTrait to fix missing method in Widget #6723

Merged
merged 5 commits into from Jan 17, 2024

fritzmg
Contributor

@fritzmg fritzmg commented Jan 16, 2024

This PR fixes the following things:

  • Added the missing template methods to Contao\Widget (fixes "CSP breaks the form fields", #6722) by introducing a new TemplateTrait that contains all public member methods that are independent of the Template abstract class.
  • Fixing that also revealed another issue: two of our (front end) templates use hard-coded style attributes by default, which will cause a CSP violation. This is fixed by adding hashes for these inline styles.

Note: for CSP Level 3 capable browsers this also requires the unsafe-hashes source to be present in the directive, otherwise CSP hashes do not work for inline style attributes.

Note: many of our PHP front end templates also still have

<?php if ($this->style): ?> style="<?= $this->style ?>"<?php endif; ?>

in them, but I deliberately disregarded those, as these are mostly there only for BC.
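
The hash requirement described in the note above, as an added example that is not part of the pull request or of Contao's code: it computes the hash-source for a style attribute value and approximates the CSP Level 3 decision for that attribute, showing that the hash only takes effect together with 'unsafe-hashes'. The function names, the sample style value and the sample policies are constructed for illustration.

```python
import base64
import hashlib

HASH_PREFIXES = ("'sha256-", "'sha384-", "'sha512-")

def csp_hash(value: str, algo: str = "sha256") -> str:
    """Hash-source for an inline style value: the exact attribute text, byte for byte."""
    digest = hashlib.new(algo, value.encode("utf-8")).digest()
    return "'%s-%s'" % (algo, base64.b64encode(digest).decode("ascii"))

def effective_sources(policy: str):
    """Sources governing style attributes: style-src-attr, then style-src, then default-src."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:  # the first occurrence of a directive wins, later duplicates are ignored
            directives.setdefault(tokens[0].lower(), tokens[1:])
    for name in ("style-src-attr", "style-src", "default-src"):
        if name in directives:
            return directives[name]
    return None  # no applicable directive: inline styles are not restricted

def style_attribute_allowed(policy: str, style_value: str) -> bool:
    """Approximate the CSP Level 3 decision for one style="..." attribute."""
    sources = effective_sources(policy)
    if sources is None:
        return True
    keywords = {s.lower() for s in sources}
    has_hash_or_nonce = any(s.startswith(HASH_PREFIXES + ("'nonce-",)) for s in keywords)
    # 'unsafe-inline' is ignored as soon as the list carries a hash or a nonce.
    if "'unsafe-inline'" in keywords and not has_hash_or_nonce:
        return True
    # Hashes apply to attributes only together with 'unsafe-hashes'; nonces never do.
    if "'unsafe-hashes'" not in keywords:
        return False
    return any(csp_hash(style_value, a) in sources for a in ("sha256", "sha384", "sha512"))

# Constructed sample values (not taken from the Contao templates).
STYLE = "display:none"
WITHOUT_KEYWORD = "style-src 'self' " + csp_hash(STYLE)
WITH_KEYWORD = "style-src 'self' 'unsafe-hashes' " + csp_hash(STYLE)

if __name__ == "__main__":
    for policy in (WITHOUT_KEYWORD, WITH_KEYWORD):
        print(style_attribute_allowed(policy, STYLE), policy)
```

Because the hash covers the attribute value exactly, any change to a hard-coded style in a template (even whitespace) needs a new hash in the policy.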

@fritzmg fritzmg added the bug label Jan 16, 2024
@fritzmg fritzmg added this to the 5.3 milestone Jan 16, 2024
@fritzmg fritzmg self-assigned this Jan 16, 2024
Co-authored-by: M. Vondano <m-vo@users.noreply.github.com>
@fritzmg fritzmg requested a review from ausi January 16, 2024 22:01
@leofeyer leofeyer merged commit 1bcc89a into contao:5.x Jan 17, 2024
17 checks passed
@leofeyer
Member

Thank you @fritzmg.

@fritzmg fritzmg deleted the introduce-template-trait branch January 17, 2024 16:29
Successfully merging this pull request may close these issues.

CSP breaks the form fields
4 participants