zoneminder

History

Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413 ) * Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy * Use @data-on-click-this to attach inline click event handlers which expect being called with 'this' Only handle ones that don't return a value. * Use @data-on-click to attach inline click event handlers with no args and no return value * Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument * Enforce a script-src CSP on views without inline JS * Convert some onchange attributes to data-on-change	2019-01-16 09:59:58 -05:00
..
classic	Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413 )	2019-01-16 09:59:58 -05:00

Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413 )

* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change

2019-01-16 09:59:58 -05:00

classic

Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413 )

2019-01-16 09:59:58 -05:00