Original author: anthonyr...@gmail.com (August 31, 2012 22:03:45)
Currently, as it stands, flot is not compatible with the strict modes of the new HTML5 Content Security Policy.
CSP is designed to impose strict restrictions on the scope of damage that can be done in the event of XSS and various other content injections. The full spec can be found here: http://www.w3.org/TR/CSP/
Original issue: http://code.google.com/p/flot/issues/detail?id=749
From anthonyr...@gmail.com on August 31, 2012 22:11:17
This would also be addressed by Issue 519, which could be considered an opposite of issue 748, and possibly more preferable.
From dnsch...@gmail.com on September 07, 2012 21:46:50
Accepted, but classifying as an enhancement, since this is currently far from required. May merge into issue 748 as necessary.
Sorry about the delay here, somewhere in the migration from code.google to github I lost track of this issue, and didn't remember it's existence until I was about to file this bug all over again with a pull request.
I've refactored bits of insertLegend() & drawLabel() to use jQuery to construct the legend, rather than using "style=" which isn't valid in some strict CSP rulesets.
Everything pertaining to the core jQuery was fixed in 1.8.0 ( http://bugs.jquery.com/ticket/11249 ), and excanvas doesn't require fixing since there is currently no browser that doesn't support canvas but does support CSP.
I'll attach a pull request to this bug shortly, I just want to finish testing for edge cases breaking first.
This issue can be closed.