toggle visibility changes time field to current time #15
fritzmg changed the title from "toggle visibility changes changes time field to current time" to "toggle visibility changes time field to current time" on Jul 18, 2017
leofeyer added a commit that referenced this issue on Jul 18, 2017
leofeyer added a commit to contao/newsletter-bundle that referenced this issue on Jul 18, 2017
leofeyer added a commit to contao/faq-bundle that referenced this issue on Jul 18, 2017
leofeyer added a commit to contao/core-bundle that referenced this issue on Jul 18, 2017
leofeyer added a commit to contao/comments-bundle that referenced this issue on Jul 18, 2017
leofeyer added a commit to contao/calendar-bundle that referenced this issue on Jul 18, 2017
Fixed in aceaa68 (and others).
agoat pushed a commit to agoat/contao-core-bundle that referenced this issue on Aug 1, 2017
leofeyer pushed a commit that referenced this issue on Aug 20, 2018
Description
-----------

IMO it’s better to increase the required versions in the `require-dev` config of all splits instead of adding special requirements only for `contao/contao`.

Commits
-------

3970c8ca Fix dependencies
leofeyer added a commit that referenced this issue on Jan 22, 2024
Description
-----------

Now that CSP has landed in contao/contao#6631 (❤️ 🥳 ) we can properly prevent inline styles from being applied randomly which adds yet another layer of security to Contao.

My local tests showed that everything is working perfectly fine, except for inline style attributes on our RTE/tinyMCE/WYSIWYG editor fields. Obviously, if you use something like

```html
<p style="text-decoration: underline">Foobar</p>
```

this won't work anymore now, as this is possibly forbidden if you do not allow inline styles in your CSP (which you shouldn't as it weakens the policy).

Here's a quick draft of how we could improve on this. I thought I'd code it real quick as it's easier to understand for everybody if there's code to look at 😊

The logic is pretty simple: extract the `style` attributes from HTML and if they match an allow-list of pre-defined properties (for security reasons), auto-generate CSP hashes for them.

Commits
-------

af729ce9 Support CSP on WYSIWYG editors like tinyMCE
737f2d2f Combine multiple identical styles to one CSS class
343a656d Switch to hashing implementation
e920800b Remove library
5d49663a Switch to regex implementation
9f7cd5af Finished implementation preparing for @ausi
7bd17a47 Update core-bundle/src/Twig/Extension/ContaoExtension.php
7cd9d160 Adjust the pull request template
3e5cf53c CSP WYSIWYG (#15)
a327b522 Added calls on all templates
5e3f6477 Fixed tests
054c0eb1 Make method nullable
347c77f4 Revert changes
f1a4a314 Fix regex
0e9e2158 Decode HTML entities before parsing the styles
db67dc12 Test TemplateTrait::extractStyleAttributesForCsp()
8cda64e4 Fix font regex
11b55607 Rename extract_styles_for_csp to csp_inline_styles
f991bbdc Rename extractStyleAttributesForCsp to cspInlineStyles
6de2fdd1 Rename inlineStyle to cspInlineStyle

Co-authored-by: ausi <martin@auswoeger.com>
Co-authored-by: leofeyer <1192057+leofeyer@users.noreply.github.com>
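The logic that commit message describes, sketched as an added example: this is not Contao's code, and it uses a DOM parser where the commits mention a regex implementation. The allow-list contents and the names `ALLOWED_STYLES`, `isAllowedStyle` and `cspHashesForInlineStyles` are assumptions made for illustration.

```php
<?php
// Hypothetical allow-list: property => pattern the value must match in full.
const ALLOWED_STYLES = [
    'text-decoration' => '/^(underline|line-through|none)$/',
    'text-align'      => '/^(left|center|right|justify)$/',
    'padding-left'    => '/^\d{1,3}px$/',
];

// True only if every declaration in the style value is on the allow-list.
function isAllowedStyle(string $style): bool
{
    $declarations = array_filter(array_map('trim', explode(';', $style)), fn ($d) => $d !== '');
    if ($declarations === []) {
        return false;
    }
    foreach ($declarations as $declaration) {
        $parts = explode(':', $declaration, 2);
        if (count($parts) !== 2) {
            return false;
        }
        $property = strtolower(trim($parts[0]));
        $value = strtolower(trim($parts[1]));
        if (!array_key_exists($property, ALLOWED_STYLES) || !preg_match(ALLOWED_STYLES[$property], $value)) {
            return false;
        }
    }
    return true;
}

// Returns CSP hash sources for allow-listed style attributes in $html.
// Each digest covers the exact (entity-decoded) attribute value the browser sees.
function cspHashesForInlineStyles(string $html): array
{
    $doc = new DOMDocument();
    // @ silences warnings on fragments; the parser decodes HTML entities.
    @$doc->loadHTML('<?xml encoding="UTF-8"><div>'.$html.'</div>');
    $hashes = [];
    foreach ((new DOMXPath($doc))->query('//*[@style]') as $element) {
        $style = $element->getAttribute('style');
        if (isAllowedStyle($style)) {
            $hashes["'sha256-".base64_encode(hash('sha256', $style, true))."'"] = true;
        }
    }
    return array_keys($hashes);
}

// Constructed input: one allowed style, one rejected (url() is not allow-listed).
$html = '<p style="text-decoration: underline">Foobar</p>'
    .'<p style="background: url(https://example.invalid/x)">x</p>';
echo "Content-Security-Policy: style-src 'self' 'unsafe-hashes' ".implode(' ', cspHashesForInlineStyles($html))."\n";
```

Browsers apply a hash source to `style` attributes only when `'unsafe-hashes'` is also present, which is why the emitted header includes it.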
Reproduction
01:00
for example (or anything that is not "now").