Closed Bug 803178 Opened 12 years ago Closed 12 years ago

FIX CSP Violations (remove inline js)

Tracking

(blocking-basecamp:+)

Status:

RESOLVED FIXED

Project Flags:

blocking-basecamp

People

(Reporter: jlal, Assigned: ochameau)

Details

(Whiteboard: [mentor=jlal@mozilla.com][LOE:S][qa-] QARegressExclude)

Attachments

(2 files)

Pull request 5987 - remove inline scripts 12 years ago Alexandre Poirot [:ochameau] 166 bytes, text/html	jlal : review+	Details
Pull request 5986 - remove eval usage 12 years ago Alexandre Poirot [:ochameau] 166 bytes, text/html	jlal : review+	Details

James Lal [:lightsofapollo]

Reporter

Description

•

12 years ago

We have a few places where we use inline scripts (including app start up) we need to remove these.

David Scravaglieri [:scravag]

Updated

•

12 years ago

blocking-basecamp: ? → +

Priority: -- → P1

Alexandre Poirot [:ochameau]

Assignee

Updated

•

12 years ago

Assignee: nobody → poirot.alex

Schalk Neethling [:espressive]

Comment 2

•

12 years ago

I guess you are referring to items such as this: <a href="javascript: window.history.go(-1);">

Alexandre Poirot [:ochameau]

Assignee

Comment 3

•

12 years ago

Attached file Pull request 5987 - remove inline scripts — Details

Attachment #674692 - Flags: review?(jlal)

Alexandre Poirot [:ochameau]

Assignee

Comment 4

•

12 years ago

Attached file Pull request 5986 - remove eval usage — Details

Another patch to fix template.js usage of Function() which is equivalent to eval() and is forbidden regarding CSP rules. I tried to implement an efficient equivalent implementation but didn't had enough lifetime on calendar to notice better or slower performances.

Attachment #674693 - Flags: review?(jlal)

Alexandre Poirot [:ochameau]

Assignee

Comment 5

•

12 years ago

Landed: https://github.com/mozilla-b2g/gaia/commit/4b999a7866c01a61642fa2015df0868d6eb68c88

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Alexandre Poirot [:ochameau]

Assignee

Comment 6

•

12 years ago

Actually there is still PR 5987 to land.

Status: RESOLVED → REOPENED

Resolution: FIXED → ---

Mike Connor [:mconnor]

Updated

•

12 years ago

Priority: P1 → --

Mike Connor [:mconnor]

Updated

•

12 years ago

Priority: -- → P2

James Lal [:lightsofapollo]

Reporter

Comment 7

•

12 years ago

I believe with PR 5987 we have fixed the CSP issues. Nice work Alexandre.

Status: REOPENED → RESOLVED

Closed: 12 years ago → 12 years ago

Resolution: --- → FIXED

James Lal [:lightsofapollo]

Reporter

Updated

•

12 years ago

Attachment #674692 - Flags: review?(jlal) → review+

James Lal [:lightsofapollo]

Reporter

Updated

•

12 years ago

Attachment #674693 - Flags: review?(jlal) → review+

Jason Smith [:jsmith]

Updated

•

12 years ago

Whiteboard: [mentor=jlal@mozilla.com][LOE:S] → [mentor=jlal@mozilla.com][LOE:S][qa-]

cbarker

Updated

•

12 years ago

Whiteboard: [mentor=jlal@mozilla.com][LOE:S][qa-] → [mentor=jlal@mozilla.com][LOE:S][qa-] QARegressExclude

You need to log in before you can comment on or make changes to this bug.

Bugzilla

FIX CSP Violations (remove inline js)

Categories

(Firefox OS Graveyard :: Gaia::Calendar, defect, P2)

Tracking

(blocking-basecamp:+)

People

(Reporter: jlal, Assigned: ochameau)

References

Details

(Whiteboard: [mentor=jlal@mozilla.com][LOE:S][qa-] QARegressExclude)

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Updated

Updated

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Updated

Updated

Comment 7

Updated

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type