-
-
Notifications
You must be signed in to change notification settings - Fork 197
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
do not require Content Security Policy (CSP) style-src 'unsafe-inline' #321
Conversation
Could get rid of `style-src: 'unsafe-inline'` after mkoryak/floatThead#321 has been merged and made it's way in a new release. Part of #90
I think this is also much cleaner JS/jQuery code. 👍 |
} | ||
|
||
cols = cols.join(''); | ||
cells = cells.join(''); | ||
|
||
if(createElements){ | ||
psuedo = psuedo.join(''); | ||
$fthRow.html(psuedo); | ||
$fthRow.append(psuedo); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is appending an array actually any faster than html
which i assume uses innerHTML?
I am optimizing for speed vs clarity in most cases here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.html('<div style="width: 100%"></div>')
violates CSP 'unsafe-inline'. Therefore refactored to append an array of jQuery elements. Didn't considered performance.
Edit: Note that content of psuedo
array is changed from string
to jQuery Objects a few lines above in this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah ok. Will murge soon
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
*merge 😃
Thanks! |
@mkoryak Do you mind to release a patch version? |
I don't normally release with so little changes, but since you took time to make a PR, here is your new version: |
Thanks a lot! |
To not trigger a Content Security Policy (CSP) 'unsafe-inline' violation we have to modify CSSOM directly. This is what jQuery
.css()
method does. Therefore code like$('<div style="width: 100"');
should be avoided to not force consuming applications to lower CSP rules.