Remove script-src unsafe-inline from CSP policy

RESOLVED INVALID

Status

Developer Services
Mercurial: hg.mozilla.org
RESOLVED INVALID
a year ago
a year ago

People

(Reporter: gps, Unassigned)

Tracking

(Blocks: 1 bug)

Details

(Reporter)

Description

a year ago
Mercurial uses inline event handlers in its HTML. This requires script-src: 'unsafe-inline' in the CSP policy. Let's remove the inline event handlers from Mercurial's templates.

Ideally we should do this upstream first then backport the changes. But that isn't a strict requirement.
(Reporter)

Comment 1

a year ago
Turns out some Firefox add-on I'm using injects event handlers and this was triggering CSP policy errors.
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.