Closed
Bug 822630
Opened 12 years ago
Closed 12 years ago
[contacts] Possible CSP problems
Categories
(Firefox OS Graveyard :: Gaia::Contacts, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: macajc, Unassigned)
Details
Attachments
(1 file)
|
189 bytes,
text/html
|
amac
:
review+
arcturus
:
approval-gaia-v1+
|
Details |
I've passed a static analysis on the source code of Gaia looking for possible problems regarding the default CSP. The communications application has the following possible issues:
FILE: contacts/index.html
237: <a href="javascript: void(0);" class="action action-block">
FILE: contacts/oauth2/flow.html
19: <script>
FILE: contacts/oauth2/dialogs_end.html
20: <script>
|
||
Comment 1•12 years ago
|
||
NOTE: If blocking-basecamp+ is set, just land it for now.
[Approval Request Comment]
Bug caused by (feature/regressing bug #):
User impact if declined:
High when CSP restrictive policies will be enabled
Testing completed:
Risk to taking this patch (and alternatives if risky):
Low
Attachment #694379 -
Flags: review?(macajc)
Attachment #694379 -
Flags: approval-gaia-master?(francisco.jordano)
|
|
||
Updated•12 years ago
|
Attachment #694379 -
Flags: review?(macajc) → review?(amac)
|
||
Updated•12 years ago
|
Attachment #694379 -
Flags: review?(amac) → review+
|
||
Comment 2•12 years ago
|
||
Comment on attachment 694379 [details]
Pointer to GH PR #7108
This should be a bb+, simple change and fixing an important thing as csp.
Thanks JMC for the work!
a=me
Attachment #694379 -
Flags: approval-gaia-master?(francisco.jordano) → approval-gaia-master+
|
|
||
Comment 3•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•