Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove a bit of inline CSS. Add CSP nonce where it might be required and is available. #8783

Merged
merged 1 commit into from Dec 2, 2022
Merged

Remove a bit of inline CSS. Add CSP nonce where it might be required and is available. #8783

merged 1 commit into from Dec 2, 2022

Conversation

juspence
Copy link
Contributor

(Copied from #7960, but nonce removed to avoid conflicts with user-defined policies)

Remove a few instances of inline CSS which could trigger Content Security Policies (CSPs) and replace with classes where required.

Part of #6069.

I've left JavaScript alone as it's covered by #5740 and #7016 (which I think are duplicates of each other?).

@juspence juspence self-assigned this Nov 29, 2022
juspence
juspence commented Nov 29, 2022
View reviewed changes
rest_framework/templates/rest_framework/base.html
{% get_pagination_html paginator %}
</nav>
{% endif %}

<div class="request-info" style="clear: both" aria-label="{% trans "request info" %}">
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clear: both was already in request-info.

@juspence juspence requested a review from auvipy November 29, 2022 18:40
@juspence
Copy link
Contributor Author

@auvipy This is the same as #7960, but with the CSP nonce bit removed to avoid problems.

I will leave this open a few days. Please let me know if you'd like to review again or if I should merge.

@auvipy auvipy added this to the 3.15 milestone Nov 30, 2022
auvipy
auvipy requested changes Nov 30, 2022
View reviewed changes
Copy link
Member

@auvipy auvipy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would you mind sharing the screenshots please after this changes?

@juspence
Copy link
Contributor Author

juspence commented Dec 1, 2022

@auvipy Sorry for the delayed response. Here's before:
Screenshot from 2022-12-01 22-49-56

And after:
Screenshot from 2022-12-01 22-53-57

@juspence juspence requested a review from auvipy December 1, 2022 22:55
@auvipy auvipy merged commit cc3c89a into encode:master Dec 2, 2022
@juspence juspence deleted the remove-inline-css branch December 2, 2022 13:36
@juspence juspence mentioned this pull request Dec 2, 2022
Closed
@cweider cweider mentioned this pull request Aug 14, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@auvipy auvipy auvipy approved these changes

Assignees

@juspence juspence

Labels
Enhancement
Projects
None yet
Milestone
3.15
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@juspence @auvipy @craiga