We allow inline-styles in case Authors want to use them. However, few do, and in #965 we cleaned them all up to use classes instead. Should we remove unsafe-inline from our CSP as per best practice? Or do we think
remove CSP styles 'unsafe-inline' exception #2105 (Closed). Simon-Laux opened on Feb 5, 2021 · edited by Simon-Laux. load theme css from file from dc scheme (make sure to not forget support for custom themes, maybe just rewrite the file path to the configured theme....
const csp = `default-src 'none'; img-src ${ window.location.origin + PLACEHOLDER_CONTENT_URL } blob: data: ${resourceProxyCspString}; style-src 'unsafe-inline'; script-src 'none';`; const getIframeHtml = (content: string, extraBodyStyle = '') => ` <!DOCTYPE html> strong...
We should remove --scroll-bar from the drawer component because I can't find any code that is using it. HyperLife1119 added Component: Drawer, PR: reviewed-changes-requested, PR: target-patch labels Mar 11, 2024. arturovt force-pushed the fix/drawer-unsafe-inline branch from 8346dfe...
The question: With our use of modernizr 2.6.2 version we have detected a security vulnerability pointing to presence of unsafe- directive in content security policy header. As per the standards and compliant with CSP, 'unsafe-' prefix dir...
use checkDependsOn for checkUrl; move the script for UserRelevanceFilter to a separate js file and load as adjunct; fix that nameOptions were not hidden when selecting a non name matcher in regex filter. Testing done: Manual Testing. Submitter checklis
Overview Tagmanager was introduced to handle more integrations other than GA. This has not happened. All events are sent to Tagmanager where they are mapped onto different GA properties. This adds additional complexity and another produc...
content="default-src 'none'; script-src 'sha256-noHVLQsurkONXmA3fcuAmcZ8UPYm/db88mhm9gAXcvk=' 'self'; frame-src 'self'; style-src 'unsafe-inline';"> TylerLeonhardt (Member), Jun 4, 2024: @mjbvz is this change expected?
pnpm-lock.yaml chore: remove unsafe inline and add csp matcher (#4072) Apr 8, 2025 pnpm-workspace.yaml Feat: core controllers rename (#3976) Mar 11, 2025 readme.md chore(readme): remove misleading install size (#3394) Dec 10, 2024 ...
Version: 3.0.3. Node and OS info: N/A. Steps to reproduce: From the docs: Also, modern mode uses an inline script to avoid Safari 10 loading both bundles, so if you are using a strict CSP, you will need to explicitly allow the inline script W...