Remove inline javascript to comply with some CSP #39

Closed
mossroy opened this issue Mar 4, 2022 · 2 comments · Fixed by #43

mossroy commented Mar 4, 2022

Tested with https://download.kiwix.org/zim/videos/khan-academy-videos_ar_khws-l-dd_2021-12.zim

Every page has the following webp-polyfill related inline code:

<script>$(document).ready(function() { trigger_webp_polyfill(); });</script>

It is blocked when some Content Security Policies ban inline javascript. It is in particular the case in kiwix-js browser extensions.

Moving this line of code into a JavaScript file should be enough to fix it, in this case.


stale bot commented Jun 12, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will now be reviewed manually. Thank you for your contributions.

Collaborator

benoit74 commented Jul 6, 2023

I will work on this one today, will open a PR as soon as I have a working proposition.

I intend to test this with KiwixJS installed as an extension on Firefox, is it sufficient or should I test it with something else?

Do we have a tool ready to test an HTML file for inline javascript? For now I intend to manually look for:

  • <script> tags with no src but inline javascript
  • on* events with inline javascript

For now I did not find the "trigger_webp_polyfill" mentioned above in the source code, this might be something triggered by an external asset, I will look after it.
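The two manual checks listed in the comment above can be automated. The following is an added example, not code from this project or from any commenter: it flags `<script>` elements without `src` that carry executable code, and `on*` attributes. The sample page, `assets/webp-hero.js` and `fallback()` are constructed for illustration, and skipping non-JavaScript `type` values (data blocks such as JSON) is an assumption about what should count as a finding.

```python
from html.parser import HTMLParser

# type values a browser executes; anything else (e.g. application/json) is a data block
JS_TYPES = {"", "module", "text/javascript", "application/javascript",
            "text/ecmascript", "application/ecmascript"}

# Constructed sample page: one external script, one JSON data block,
# the inline call quoted in this issue, and one inline event handler.
SAMPLE = """<html><head>
<script src="assets/webp-hero.js"></script>
<script type="application/json">{"id": 1}</script>
<script>$(document).ready(function() { trigger_webp_polyfill(); });</script>
</head><body>
<img src="a.webp" onerror="fallback(this)">
</body></html>"""

class InlineJSFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []    # (line, kind, detail) tuples
        self._script = None   # (line, chunks) while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            # html.parser lowercases attribute names; on* means an event handler
            if len(name) > 2 and name.startswith("on") and (value or "").strip():
                self.findings.append((line, "event-handler", f"{tag}[{name}]"))
        if tag == "script":
            d = dict(attrs)
            if "src" not in d and (d.get("type") or "").strip().lower() in JS_TYPES:
                self._script = (line, [])

    def handle_data(self, data):
        if self._script is not None:
            self._script[1].append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            line, chunks = self._script
            body = "".join(chunks).strip()
            if body:  # an empty <script></script> executes nothing
                self.findings.append((line, "inline-script", body[:60]))
            self._script = None

def find_inline_js(html):
    parser = InlineJSFinder()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Running `find_inline_js` over each generated page and failing the build on a non-empty result keeps inline code from reappearing after the fix.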
