You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Apply a strict CSP, not allowing inline event handlers
Magento Version : 2.4.6-p8
ElasticSuite Version : 2.11.9.2
Environment : developer
Third party modules :
Steps to reproduce
Have a multiselect filter attribute in a category page
Select one checkbox
Check the console
Expected result
Filter should apply
Actual result
No filtering applies
Console log reports "Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src .."
Looks like in vendor/smile/elasticsuite/src/module-elasticsuite-catalog/view/frontend/web/template/attribute-filter.html on line 15 there is an onclick event that does not sit well with this strict CSP.
Unrelated to the above, there is another one in line 28 in vendor/smile/elasticsuite/src/module-elasticsuite-catalog/view/frontend/templates/layer/filter/default.phtml
Inline onclicks are generally considered bad practice, and should be replaced by event handlers.
The text was updated successfully, but these errors were encountered:
Preconditions
Apply a strict CSP, not allowing inline event handlers
Magento Version : 2.4.6-p8
ElasticSuite Version : 2.11.9.2
Environment : developer
Third party modules :
Steps to reproduce
Expected result
Actual result
Looks like in vendor/smile/elasticsuite/src/module-elasticsuite-catalog/view/frontend/web/template/attribute-filter.html on line 15 there is an onclick event that does not sit well with this strict CSP.
Unrelated to the above, there is another one in line 28 in vendor/smile/elasticsuite/src/module-elasticsuite-catalog/view/frontend/templates/layer/filter/default.phtml
Inline onclicks are generally considered bad practice, and should be replaced by event handlers.
The text was updated successfully, but these errors were encountered: