Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

javascript:void(0) in <a> causing CSP error when 'unsafe-inline' is not allowed! #21

Closed
ryanelian opened this issue Oct 12, 2017 · 1 comment
Closed

javascript:void(0) in <a> causing CSP error when 'unsafe-inline' is not allowed! #21

ryanelian opened this issue Oct 12, 2017 · 1 comment
Labels
good first issue

Comments

@ryanelian
Copy link

ryanelian commented Oct 12, 2017
edited
Loading

Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

https://github.com/cristijora/vue-tabs/blob/master/src/components/VueTabs.js#L155

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Probably should change:

<a href="javascript:void(0)"

into:

<a href="#"
@moondef moondef mentioned this issue Nov 8, 2017
Merged
@moondef
Copy link
Contributor

moondef commented Nov 8, 2017

Fixed
PR

@ahoendgen ahoendgen mentioned this issue Dec 3, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ryanelian @cristijora @moondef