-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove inline javascript #726
Comments
Hi would https://github.com/rtfd/sphinx_rtd_theme/blob/master/sphinx_rtd_theme/layout.html#L219 also have to be moved to an external file? |
I opened a WIP PR #729 |
I haven't used Google Analytics myself, but you may be able to do something like this. |
We are deprecating Google Analytics (see #1576) and we moved the generation of the flyout to its own |
Problem
As discussed previously, when enabling content security policy, inline JS is considered unsafe.
Reproducible Project
Some lines that are still offending:
https://github.com/rtfd/sphinx_rtd_theme/blob/master/sphinx_rtd_theme/layout.html#L209-L213
The following has a PR already:
https://github.com/rtfd/sphinx_rtd_theme/blob/master/sphinx_rtd_theme/search.html#L15
Error Logs/Results
You get the usual "inline script is blocked by content security policy, etc" which can break functionality.
Expected Results
For the first script, it should be moved to a
js_t
file. For the latter, upstream changes from Sphinx need to be inherited.Environment Info
The text was updated successfully, but these errors were encountered: