Commit Graph

5 Commits

Author SHA1 Message Date
Matthew Noorenberghe 99f1e23c5b Replace usage of PHP_SELF in views/. Fixes #2450 2019-02-09 21:39:19 -08:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor dfdac2ed70 make find and find_one functions consistent across Objects 2018-09-07 16:31:11 -04:00
Isaac Connor 92cb7dabd5 merge some fixes from other branches 2018-04-17 08:48:59 -07:00
Isaac Connor e9600bc5d3 add monitors.php 2017-10-24 16:25:11 -07:00