Closed
Bug 796869
Opened 12 years ago
Closed 12 years ago
[contacts] Get ready for CSP
Categories
(Firefox OS Graveyard :: Gaia, defect, P1)
Firefox OS Graveyard
Gaia
Tracking
(blocking-basecamp:+)
RESOLVED
FIXED
| blocking-basecamp | + |
People
(Reporter: arcturus, Assigned: arcturus)
Details
(Whiteboard: QARegressExclude)
Attachments
(2 files, 2 obsolete files)
|
36.68 KB,
patch
|
jmcf
:
review+
|
Details | Diff | Splinter Review |
|
7.31 KB,
patch
|
alberto.pastor
:
review+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4 Steps to reproduce: Current contacts application is not ready for CSP. Currently the policy allows: script-src: 'self' 'unsafe-inline'; object-src: 'none'; style-src: 'self' ; But in the future will be: script-src: 'self'; object-src: 'none'; style-src: 'self' ; Which means that inline scripts will be eliminated. Actual results: Contacts app is 'abusing' the inline scripts for several actions Expected results: in-line scripts should be removed
|
Assignee | |
Updated•12 years ago
|
blocking-basecamp: --- → ?
|
|
Assignee | |
Comment 1•12 years ago
|
||
Tried to add the patch with the addon but it's not working, anyway can review the changes in the PR: https://github.com/mozilla-b2g/gaia/pull/5637 Thanks
|
|
Assignee | |
Comment 2•12 years ago
|
||
Jose Manuel can you r? as well
|
||
Comment 3•12 years ago
|
||
yep
|
|
Assignee | |
Comment 4•12 years ago
|
||
Attachment #667386 -
Flags: review?(jmcf)
Attachment #667386 -
Flags: review?(alberto.pastor)
|
|
||
Comment 5•12 years ago
|
||
First set of comments provided through Github at https://github.com/mozilla-b2g/gaia/pull/5637/files
|
||
Comment 6•12 years ago
|
||
I agree with Jose Manuel in using separate function for the listeners. Apart from that r+ from my side.
|
|
Assignee | |
Comment 7•12 years ago
|
||
Patch v2 no with specific functions and trying to do a smarter way of walking the elements
Attachment #667522 -
Flags: review?(alberto.pastor)
|
|
Assignee | |
Updated•12 years ago
|
Attachment #667522 -
Flags: feedback?(jmcf)
|
|
Assignee | |
Updated•12 years ago
|
Attachment #667386 -
Attachment is obsolete: true
Attachment #667386 -
Flags: review?(jmcf)
Attachment #667386 -
Flags: review?(alberto.pastor)
|
|
Assignee | |
Updated•12 years ago
|
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Updated•12 years ago
|
Attachment #667522 -
Attachment is obsolete: true
Attachment #667522 -
Flags: review?(alberto.pastor)
Attachment #667522 -
Flags: feedback?(jmcf)
|
|
Assignee | |
Comment 8•12 years ago
|
||
Attachment #667901 -
Flags: review?(jmcf)
|
|
||
Updated•12 years ago
|
Attachment #667901 -
Flags: review?(jmcf) → review+
|
|
Assignee | |
Comment 9•12 years ago
|
||
Landed in gaia: https://github.com/mozilla-b2g/gaia/pull/5637
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Updated•12 years ago
|
blocking-basecamp: ? → +
Priority: -- → P1
|
|
Assignee | |
Updated•12 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Updated•12 years ago
|
Assignee: nobody → francisco.jordano
|
|
Assignee | |
Comment 10•12 years ago
|
||
Latest changes on the building blocks brought back some of the infamous inline javascript.
|
|
||
Comment 11•12 years ago
|
||
yep, the onclick=return false. We need to be very careful during code reviews ...
|
|
Assignee | |
Comment 12•12 years ago
|
||
Attachment #671849 -
Flags: review?(alberto.pastor)
|
|
||
Updated•12 years ago
|
Attachment #671849 -
Flags: review?(alberto.pastor) → review+
|
|
Assignee | |
Comment 13•12 years ago
|
||
Landed: https://github.com/mozilla-b2g/gaia/commit/dd1b8b015a930b9668f7b2f862700307a8153103
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•