Closed Bug 1353953 Opened 7 years ago Closed 7 years ago

Remove script-src unsafe-inline from CSP policy

Categories

(Developer Services :: Mercurial: hg.mozilla.org, enhancement)

Product:
Developer Services
Component:
Mercurial: hg.mozilla.org
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: gps, Unassigned)

References

Details

Mercurial uses inline event handlers in its HTML. This requires script-src: 'unsafe-inline' in the CSP policy. Let's remove the inline event handlers from Mercurial's templates.

Ideally we should do this upstream first then backport the changes. But that isn't a strict requirement.
Turns out some Firefox add-on I'm using injects event handlers and this was triggering CSP policy errors.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.