WWSympa: Apply Content Security Policy on scripts (#1122) #1580

Draft: wants to merge 4 commits into base: main

ikedas (Member) commented Jan 15, 2023

This PR aims to ensure that the following things meet the Content Security Policy.

  • inline JavaScript generated by head_javascript.tt2.
  • inline JavaScript included in confirm_action.tt2, create_list_request.tt2, lists.tt2 and stats.tt2.
  • "onclick" event handler in HTML: compose_mail.tt2, request_topic.tt2 and viewmod.tt2.
  • inline JavaScript for email obfuscation generated by setting spam_protection and/or web_archive_spam_protection parameter as javascript.

This may fix #1122.

@ikedas ikedas changed the title from "WWSympa: Add CSP nonce-source to inline script (#1122)" to "WWSympa: Apply Content Security Policy on scripts (#1122)" Jan 16, 2023
@ikedas ikedas force-pushed the issue-1122 branch 2 times, most recently from d8c48af to c72254e April 24, 2023 00:47
@ikedas ikedas marked this pull request as ready for review June 13, 2023 12:29
@ikedas ikedas marked this pull request as draft November 26, 2023 07:02
@ikedas ikedas marked this pull request as ready for review September 7, 2024 01:36
@ikedas ikedas marked this pull request as draft September 7, 2024 01:36
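
The kinds of markup listed in the PR description (inline script bodies and "onclick" attributes) are what a nonce-based `script-src` policy without `'unsafe-inline'` blocks. The following is an added example, not code from this PR or from Sympa: a lint-level check over rendered template output. The sample markup, the `csp_nonce` variable name and the `findCspViolations` function are constructed for illustration.

```javascript
// Added example (not Sympa code): lint template output for markup that a
// nonce-based script-src policy without 'unsafe-inline' would block.
// Regex scanning is an approximation, not a full HTML parser.
function findCspViolations(html) {
  const findings = [];
  const lineOf = (idx) => html.slice(0, idx).split("\n").length;

  // 1. Inline <script> bodies with no (or an empty) nonce attribute.
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi)) {
    const [, attrs, body] = m;
    const hasSrc = /\bsrc\s*=/i.test(attrs);
    const hasNonce = /\bnonce\s*=\s*["']?[^\s"'>]+/i.test(attrs);
    if (!hasSrc && body.trim() !== "" && !hasNonce) {
      findings.push({ kind: "inline-script-without-nonce", line: lineOf(m.index) });
    }
  }

  // 2. Event handler attributes (onclick, onchange, ...). A nonce cannot
  //    authorize these; they have to move into a script that carries one.
  for (const t of html.matchAll(/<[a-z][^<>]*>/gi)) {
    // Blank out quoted values (same length) so text inside them is ignored.
    const tag = t[0].replace(/"[^"]*"|'[^']*'/g, (s) => " ".repeat(s.length));
    for (const a of tag.matchAll(/\s(on[a-z]+)\s*=/gi)) {
      findings.push({
        kind: "inline-event-handler",
        attr: a[1].toLowerCase(),
        line: lineOf(t.index + a.index + 1),
      });
    }
  }
  return findings.sort((x, y) => x.line - y.line);
}

// Constructed sample; "csp_nonce" is a hypothetical template variable.
const SAMPLE = [
  '<script src="/static/js/sympa.js"></script>',
  '<script nonce="[% csp_nonce %]">var a = 1;</script>',
  '<script>var listname = "x";</script>',
  '<input type="button" value="Send"',
  '       onclick="return check(this.form)">',
  '<a href="/help" data-note="see onload = handler">help</a>',
].join("\n");

console.log(findCspViolations(SAMPLE));
```

Run against rendered pages rather than raw templates, since template directives containing `<` or `>` inside a tag will confuse the tag pattern.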
Successfully merging this pull request may close these issues.

Content Security Policy (CSP)