Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strenghtify uses javascript eval #11033

Closed
rullzer opened this issue Sep 3, 2018 · 4 comments
Closed

Strenghtify uses javascript eval #11033

rullzer opened this issue Sep 3, 2018 · 4 comments
Labels
1. to develop Accepted and waiting to be taken care of enhancement
Milestone
Nextcloud 15

Comments

@rullzer
Copy link
Member

rullzer commented Sep 3, 2018

For https://github.com/orgs/nextcloud/projects/18

The strenghtify plugin we use for jquery toindicate password strength uses eval. This prevents a default stricter CSP.

We should look into how we can fix this properly.
@rullzer rullzer added enhancement 1. to develop Accepted and waiting to be taken care of labels Sep 3, 2018
@rullzer rullzer added this to the Nextcloud 15 milestone Sep 3, 2018
@rullzer
Copy link
Member Author

rullzer commented Sep 3, 2018

@nextcloud/javascript

@nextcloud-bot

This comment has been minimized.

Sign in to view
@kesselb
Copy link
Contributor

kesselb commented Sep 3, 2018

Ref: nextcloud/strengthify#19

@MorrisJobke MorrisJobke self-assigned this Sep 27, 2018
@MorrisJobke
Copy link
Member

Version 0.5.4 of it solves the issue: https://github.com/MorrisJobke/strengthify/releases/tag/0.5.4

rullzer added a commit that referenced this issue Sep 28, 2018
@rullzer
Bump strengthify
2732e19 
Fixes #11033
For https://github.com/orgs/nextcloud/projects/18

Move to a stricter CSP safe strengthify

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer mentioned this issue Sep 28, 2018
Merged
rullzer added a commit that referenced this issue Sep 28, 2018
@rullzer
Bump strengthify
6ddef7b 
Fixes #11033
For https://github.com/orgs/nextcloud/projects/18

Move to a stricter CSP safe strengthify

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@MorrisJobke MorrisJobke removed their assignment Dec 4, 2018
@GTVolk GTVolk mentioned this issue Dec 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop Accepted and waiting to be taken care of enhancement
Projects
None yet
Milestone
Nextcloud 15
Development

No branches or pull requests
4 participants
@rullzer @MorrisJobke @kesselb @nextcloud-bot