#14 Remove Inline Javascript (and CSS)

Open
opened 8 years ago by spaghetti · 0 comments

Removing inline JavaScript and CSS will allow us to remove unsafe sources from our Content Security Policy, which will in turn protect against some injection attacks.

Plus it’s way cleaner.

This includes all text within <script> tags, any event attributes like onclick in a tag, and the style attribute of tags. Elements should instead be identified by class or other attribute and have event handlers and styles attached based on those identifiers from separate files (which can be independently checked for integrity).

spaghetti added the Security label 8 years ago
spaghetti added the Enhancement label 8 years ago
spaghetti added the Migrated Issue label 8 years ago
spaghetti added the In Progress label 8 years ago
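
An added example, not code from this repository: a dependency-free Node.js check that lists the three inline constructs the issue names, so templates can be audited before the unsafe sources are dropped from the policy. The function name `findInlineCode` and the sample markup are constructed for illustration.

```javascript
// Added example: flags inline <script> bodies, on* event attributes and style attributes.
// Regex-based on purpose (no dependencies); a lint aid, not a full HTML parser,
// so markup inside HTML comments is also reported.
const TAG = /<([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
const ATTR = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;

function findInlineCode(html) {
  const findings = [];
  const lower = html.toLowerCase();
  const lineOf = (i) => html.slice(0, i).split("\n").length;
  TAG.lastIndex = 0;
  let m;
  while ((m = TAG.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const names = [...m[2].matchAll(ATTR)].map((a) => a[1].toLowerCase());
    const line = lineOf(m.index);
    for (const n of names) {
      if (/^on[a-z]+$/.test(n)) findings.push({ line, tag, kind: "event-attribute", detail: n });
      if (n === "style") findings.push({ line, tag, kind: "style-attribute", detail: n });
    }
    if (tag === "script") {
      // Jump past the script body so markup inside string literals is not parsed as tags.
      const close = lower.indexOf("</script", TAG.lastIndex);
      const end = close === -1 ? html.length : close;
      const body = html.slice(TAG.lastIndex, end).trim();
      // A script with src loads an external file; only a body without src is inline code.
      if (body && !names.includes("src")) {
        findings.push({ line, tag, kind: "inline-script", detail: body.slice(0, 40) });
      }
      TAG.lastIndex = end;
    }
  }
  return findings;
}

// Constructed sample page: one external script, one inline script,
// one onclick attribute, one style attribute, one class-only element.
const SAMPLE = `<!doctype html>
<html>
<head>
<script src="/static/app.js"></script>
<script>var msg = "<b onclick='x'>";</script>
</head>
<body>
<button class="save" onclick="save()">Save</button>
<p style="color: red" data-onclick="no">Warning</p>
<a class="js-help" href="/help">Help</a>
</body>
</html>`;

for (const f of findInlineCode(SAMPLE)) console.log(`line ${f.line}: ${f.kind} on <${f.tag}>`);
```

An empty result for every template is the point at which the unsafe sources can be removed from the policy without breaking pages.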