-
-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove inline javascript to comply with some CSP #1578
Comments
This issue has been automatically marked as stale because it has not had recent activity. It will be now be reviewed manually. Thank you for your contributions. |
The ZIM files generated by mwoffliner are probably the most used ones, at least for kiwix-js. |
As discussed with @kelson42, the second code block (that sets
So this blocked javascript prevents the webp polyfill to load, but the browser should be able to natively handle webp. |
The impact of the first code block still needs to be checked (but we believe it might be minor) |
This issue has been automatically marked as stale because it has not had recent activity. It will be now be reviewed manually. Thank you for your contributions. |
@Jaifroid I have launched a recipe with this fix at https://farm.openzim.org/pipeline/7fed4cc3e015578b5dc53d36. Let me know if you have any feedback. |
@kelson42 I downloaded the new ZIM and have been looking through it in the Chromium extension (the one affected). It all looks good: I can't find any inline JS remaining, and I don't see any related errors in console. So I think this issue is indeed fixed. Many thanks! |
There is at least some pieces of inline javascript in every page, like :
the articleId is used afterwards to handle webp.
The content can be browsed anyway, at least on the few ZIM files I tested
The text was updated successfully, but these errors were encountered: