https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26355 --- Comment #169 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 198452 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=198452&action=edit Bug 26355: (QA follow-up) Add CSP nonce to inline module script The forbidden_patterns QA check requires <script> elements to have either a "src" or "nonce" attribute. The inline module script that hydrates the Vue island in opac-user.tt was missing a nonce. Test plan: 1. Run the QA tool against opac-user.tt; forbidden_patterns should no longer report the inline <script> on line 1024. 2. Load the OPAC user summary page and confirm the Vue island still hydrates (no CSP violation in the browser console). Signed-off-by: Martin Renvoize <martin.renvoize@openfifth.co.uk> -- You are receiving this mail because: You are watching all bug changes.