Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use seperate stylesheet to prevent styling XSS attacks and CSP issues #5

Open
raucao opened this issue Sep 2, 2016 · 0 comments
Open

Use seperate stylesheet to prevent styling XSS attacks and CSP issues #5

raucao opened this issue Sep 2, 2016 · 0 comments
Labels
improvement styles & animations

Comments

@raucao
Copy link
Member

raucao commented Sep 2, 2016

As reported in https://community.remotestorage.io/t/safenetwork-and-csp-header-issue-s/355 we shouldn't use an inline style element for the widget CSS rules, because CSP can (and if used will) prevent loading them nowadays.

(The CSP default blocking makes sense imo, as it prevents styling XSS attacks.)
@raucao raucao modified the milestone: MVP Oct 26, 2016
@raucao raucao added the ready label Dec 2, 2016
@gregkare gregkare self-assigned this Oct 16, 2017
gregkare added a commit that referenced this issue Oct 16, 2017
@gregkare
Link the stylesheet instead of inserting it inline
f07b8e1 
This prevents the style to be blocked by CSP rules

Fixes #5
@gregkare gregkare removed their assignment Oct 16, 2017
@raucao raucao removed this from the 1.0.0-rc1 milestone Oct 16, 2017
@raucao raucao removed the ready label Sep 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
improvement styles & animations
Milestone
No milestone
Development

No branches or pull requests
2 participants
@raucao @gregkare