Closed
Bug 1012654
Opened 11 years ago
Closed 10 years ago
[E.me] Remove inline style for CSP compliance
Categories
(Firefox OS Graveyard :: Gaia::Everything.me, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: gerard-majax, Assigned: ranbena)
References
Details
Confere bug 968907 and bug 858787. We need to remove all CSS inline usage in certified apps.
https://github.com/mozilla-b2g/gaia/blob/master/apps/homescreen/everything.me/modules/BackgroundImage/BackgroundImage.js#L139
|
||
Comment 1•11 years ago
|
||
The Evme.$create function is also a problem:
https://github.com/mozilla-b2g/gaia/blob/master/apps/homescreen/everything.me/js/helpers/Utils.js#L1024
Where ever this is used to set a style attribute, this will fail.
Further more, it will also fail when used to create style elements, such as here:
https://github.com/mozilla-b2g/gaia/blob/master/apps/homescreen/everything.me/js/helpers/Utils.js#L1024
|
||
Comment 2•11 years ago
|
||
Ran (hello!), can you fix that if that's still relevant for the new homescreen ?
We would like to fix those things for 2.0. Basically in certified apps, we won't be able anymore to use <element style="some css rules"> directly. Instead we need to use the element.style.attribute = "something".
This is in order to enforce a strict csp policy for certified apps and reduce some security risks.
Flags: needinfo?(ran)
|
Assignee | |
Updated•11 years ago
|
Assignee: nobody → ran
Status: NEW → ASSIGNED
Flags: needinfo?(ran)
|
|
Assignee | |
Comment 3•11 years ago
|
||
Vivien, this code isn't used in Home2. I'd rather not attend to it if it isn't relevant.
|
||
Comment 4•10 years ago
|
||
No longer relevant. EverythingMe was re-written for vertical homescreen.
Please reopen if needed.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•