[#28720] - [3.x] Backport Make sure the renderer does not manipulate the inline CSS and JS
- Closed
- 7 Apr 2021
- Medium
- Build: staging
- # 28720
- Diff
- zero-24:backport_fix_style_script_renderer
- Success Hound Smells good to me. Woof! Details
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Success Download Prebuilt packages are available for download. Details
- Success continuous-integration/drone/pr Build is passing Details
- Failure continuous-integration/appveyor/pr AppVeyor build failed Details
User tests: Successful: Unsuccessful:
Pull Request for Issue #28719
Summary of Changes
Backports the changes from #28719 to 3.x
Testing Instructions
make sure the inline css and inline js still works as exptected.
Expected result
the renderer does not manipulate the inline css and JS
Actual result
the renderer does manipulate the inline css and JS that make CSP hashbased whitelisting not possible.
Documentation Changes Required
none
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries |
richard67
- | Title |
|
||||||
| Title |
|
||||||
| Labels |
Added:
?
|
||
Do you have a xhtml template? I don't touch the dedicated xhtml supported mention in the comments to be sure.
I don't have one :( all the templates I'm using are HTML5. If you're confident just merge it
Well why? You can already have a site that use hashes in 3.x. well not autgenerated right now as the renderer is broken..
can I add the hash to the renderer now? I didn't looked at it it's only something come into my mind
Edit: ok can't be added to this function so looks ok
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2021-04-07 17:19:40 |
| Closed_By | ⇒ | zero-24 |
I have tested this item✅ successfully on 1e51b54
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/28720.