remove inline javascript #33

Closed
nodiscc opened this issue Oct 22, 2014 · 0 comments

Labels
cleanup code cleanup and refactoring

nodiscc commented Oct 22, 2014

It would be great to move inline JavaScript (for example https://github.com/shaarli/Shaarli/blob/master/tpl/linklist.html#L70) to its own .js files. Inline JavaScript does not run when the server has strict Content Security Policy (CSP) settings (good practice).

Firefox console returns:

Content Security Policy: Les paramètres de la page ont empêché le chargement d'une ressource à self (« script-src https://my.shaarli.url »)

E.g. for apache2, Header set Content-Security-Policy "script-src 'self'" prevents QR code/tag autocomplete/... from running. Header set Content-Security-Policy "script-src 'self' 'unsafe-inline'" allows it, but is less safe.

@nodiscc nodiscc added security cleanup code cleanup and refactoring and removed enhancement labels Nov 5, 2014
@nodiscc nodiscc changed the title [cleanup] remove inline javascript remove inline javascript Nov 5, 2014
@nodiscc nodiscc added this to the 0.9beta milestone Dec 2, 2014
@nodiscc nodiscc removed the security label Jan 9, 2015
@ArthurHoaro ArthurHoaro modified the milestones: 0.8.0, 0.9.0 May 11, 2016
ArthurHoaro added a commit to ArthurHoaro/Shaarli that referenced this issue Mar 12, 2017
portailp pushed a commit to PortailPro/Shaarli that referenced this issue Mar 20, 2017
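
The two policies quoted in the issue, checked against a template, as an added example that is not part of the original issue or of Shaarli's code: it lists the inline constructs that `script-src 'self'` blocks and that must move to external .js files. The function names and the sample template are constructed for illustration, and the regex scan is a heuristic, not an HTML parser.

```javascript
// Added example: heuristic audit of a template against a CSP header value.

// Parse a CSP value into { directive: [sources] }; the first occurrence of a directive wins.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !(name in directives)) directives[name] = sources;
  }
  return directives;
}

// Un-nonced inline script runs only if no script-src/default-src applies, or if
// 'unsafe-inline' is listed and no nonce/hash source is present (browsers then ignore it).
function allowsInlineScript(policy) {
  const d = parseCsp(policy);
  const sources = d['script-src'] || d['default-src'];
  if (!sources) return true;
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  return sources.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Locate the constructs that count as inline script: <script> bodies,
// on* event handler attributes and javascript: URLs.
function findInlineScript(html) {
  const patterns = [
    ['inline <script>', /<script\b(?![^>]*\bsrc\s*=)[^>]*>\s*(?!<\/script)\S/gi],
    ['event handler attribute', /<[^>]+\s(on[a-z]+)\s*=/gi],
    ['javascript: URL', /\b(?:href|src|action)\s*=\s*["']?\s*javascript:/gi],
  ];
  const findings = [];
  for (const [kind, re] of patterns) {
    for (const m of html.matchAll(re)) {
      findings.push({ line: html.slice(0, m.index).split('\n').length, kind });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Findings the given policy would block (empty when inline script is allowed).
function blockedByPolicy(policy, html) {
  return allowsInlineScript(policy) ? [] : findInlineScript(html);
}

// Constructed sample template (not taken from Shaarli).
const SAMPLE = ['<script src="inc/app.js"></script>',
  '<a href="#" onclick="showQr(this)">QR</a>',
  '<script>', '  initAutocomplete();', '</script>'].join('\n');
console.log(blockedByPolicy("script-src 'self'", SAMPLE));
```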