[Koha-bugs] [Bug 20397] Implement Content Security Policy
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jan 24 06:04:21 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20397
David Cook <dcook at prosentient.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dcook at prosentient.com.au
--- Comment #3 from David Cook <dcook at prosentient.com.au> ---
Disabling inline Javascript is cool. I wonder how much work it would take to
move our inline Javascript into separate scripts. Probably quite a bit as I
think there are quite a few places where we generate inline Javascript using
templates and Perl scripts... although surely a lot of that Javascript could be
re-engineered to work as a separate script without being created dynamically...
I suppose there could be a few options about how to turn OpacUserJS into a
Javascript file to be loaded by the browser. Could create the file at save time
(it's been tempting to add hooks for system preferences for a long time for
validation purposes but here would be another use case), or we could point the
"src" attribute at a Perl endpoint that spits out Javascript I suppose.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list