Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove inline javascript #726

Open
ghost opened this issue Feb 24, 2019 · 4 comments · May be fixed by #729
Open

Remove inline javascript #726

ghost opened this issue Feb 24, 2019 · 4 comments · May be fixed by #729
Assignees
@Blendify
Labels
Improvement Minor improvement to code
Milestone
3.0

Comments

@ghost
Copy link

ghost commented Feb 24, 2019

Problem

As discussed previously, when enabling content security policy, inline JS is considered unsafe.

Reproducible Project

Some lines that are still offending:

https://github.com/rtfd/sphinx_rtd_theme/blob/master/sphinx_rtd_theme/layout.html#L209-L213

The following has a PR already:

https://github.com/rtfd/sphinx_rtd_theme/blob/master/sphinx_rtd_theme/search.html#L15

Error Logs/Results

You get the usual "inline script is blocked by content security policy, etc" which can break functionality.

Expected Results

For the first script, it should be moved to a js_t file. For the latter, upstream changes from Sphinx need to be inherited.

Environment Info

  • Python Version: 3.7.2
  • Sphinx Version: 1.8.4
  • RTD Theme Version: 0.4.3
@Blendify
Copy link
Member

Hi would https://github.com/rtfd/sphinx_rtd_theme/blob/master/sphinx_rtd_theme/layout.html#L219 also have to be moved to an external file?

@Blendify
Copy link
Member

I opened a WIP PR #729

@Blendify Blendify linked a pull request Feb 25, 2019 that will close this issue
Open
@ghost
Copy link
Author

ghost commented Feb 25, 2019

I haven't used Google Analytics myself, but you may be able to do something like this.

@Blendify Blendify self-assigned this Mar 6, 2019
@Blendify Blendify added the Improvement Minor improvement to code label Mar 6, 2019
@humitos
Copy link
Member

humitos commented Aug 12, 2024
edited
Loading

We are deprecating Google Analytics (see #1576) and we moved the generation of the flyout to its own .js file. So, I think we won't have inline javascript when releasing 3.0. However, we should double check it before doing the final release.

@humitos humitos added this to the 3.0 milestone Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Blendify Blendify

Labels
Improvement Minor improvement to code
Projects
None yet
Milestone
3.0
Development

Successfully merging a pull request may close this issue.

Fix #726 Remove inline javascript # readthedocs/sphinx_rtd_theme
2 participants
@humitos @Blendify