suzanne.soy/scribble-math
1
0
Fork 0
Code Issues 8 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

eliminate inline javascript for mathjax loading #14

Open
jbclements wants to merge 1 commits from jbclements/mathjax-no-inline-script into main
pull from: jbclements/mathjax-no-inline-script
merge into: suzanne.soy:main
Conversation 0 Commits 1 Files Changed 1 +11 -10
jbclements commented 2024-06-11 06:00:46 +01:00 (Migrated from github.com)
Copy Link

My web page is configured with a Content Security Policy that forbids inline JS, and indeed, I think inline javascript does represent a fairly massive attack target. In order to eliminate it, it looks like we can just call js-addition with a URL, rather than a byte string.

TBH, I can't see why the original code was the way it was, unless we overlooked the possibility of calling js-addition with a URL. Let me know if I missed something obvious!

My web page is configured with a Content Security Policy that forbids inline JS, and indeed, I think inline javascript does represent a fairly massive attack target. In order to eliminate it, it looks like we can just call `js-addition` with a URL, rather than a byte string. TBH, I can't see why the original code was the way it was, unless we overlooked the possibility of calling js-addition with a URL. Let me know if I missed something obvious!
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin jbclements/mathjax-no-inline-script:jbclements/mathjax-no-inline-script
git checkout jbclements/mathjax-no-inline-script

Merge

Merge the changes and update on Gitea.
git checkout main
git merge --no-ff jbclements/mathjax-no-inline-script
git checkout main
git merge --ff-only jbclements/mathjax-no-inline-script
git checkout jbclements/mathjax-no-inline-script
git rebase main
git checkout main
git merge --no-ff jbclements/mathjax-no-inline-script
git checkout main
git merge --squash jbclements/mathjax-no-inline-script
git checkout main
git merge --ff-only jbclements/mathjax-no-inline-script
git checkout main
git merge jbclements/mathjax-no-inline-script
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

   
duplicate

   
enhancement

   
help wanted

   
invalid

   
question

   
wontfix
No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: suzanne.soy/scribble-math#14
No description provided.
Delete Branch "jbclements/mathjax-no-inline-script"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?