Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

do not require Content Security Policy (CSP) style-src 'unsafe-inline' #321

Merged
merged 1 commit into from
Aug 18, 2016
Merged

do not require Content Security Policy (CSP) style-src 'unsafe-inline' #321

merged 1 commit into from
Aug 18, 2016

Conversation

jelhan
Copy link
Contributor

@jelhan jelhan commented Aug 13, 2016

To not trigger a Content Security Policy (CSP) 'unsafe-inline' violation we have to modify CSSOM directly. This is what jQuery .css() method does. Therefore code like $('<div style="width: 100"'); should be avoided to not force consuming applications to lower CSP rules.

jelhan added a commit to jelhan/croodle that referenced this pull request Aug 13, 2016
@jelhan
Fix: CSP style-src: 'unsafe-inline' violation
6653da8 
Could get rid of `style-src: 'unsafe-inline'` after
mkoryak/floatThead#321 has been merged
and made it's way in a new release.

Part of #90
@jelhan jelhan mentioned this pull request Aug 13, 2016
Closed
@rugk
Copy link

rugk commented Aug 13, 2016

I think this is also much cleaner JS/jQuery code. 👍

mkoryak
mkoryak reviewed Aug 16, 2016
View reviewed changes
dist/jquery.floatThead-slim.js
}

cols = cols.join('');
cells = cells.join('');

if(createElements){
psuedo = psuedo.join('');
$fthRow.html(psuedo);
$fthRow.append(psuedo);
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is appending an array actually any faster than html which i assume uses innerHTML?

I am optimizing for speed vs clarity in most cases here.

Copy link
Contributor Author

@jelhan jelhan Aug 16, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.html('<div style="width: 100%"></div>') violates CSP 'unsafe-inline'. Therefore refactored to append an array of jQuery elements. Didn't considered performance.

Edit: Note that content of psuedo array is changed from string to jQuery Objects a few lines above in this PR.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah ok. Will murge soon

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*merge 😃

@mkoryak mkoryak merged commit b7ad14f into mkoryak:master Aug 18, 2016
@jelhan
Copy link
Contributor Author

jelhan commented Aug 18, 2016

Thanks!

@jelhan
Copy link
Contributor Author

jelhan commented Aug 20, 2016

@mkoryak Do you mind to release a patch version?

@mkoryak
Copy link
Owner

mkoryak commented Aug 22, 2016

I don't normally release with so little changes, but since you took time to make a PR, here is your new version:

https://github.com/mkoryak/floatThead/releases/tag/1.4.3

@jelhan
Copy link
Contributor Author

jelhan commented Aug 23, 2016

Thanks a lot!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jelhan @rugk @mkoryak