#14 Remove Inline Javascript (and CSS)

Open
opened 4 years ago by spaghetti · 0 comments

Removing inline javascript and CSS will allow us to remove unsafe sources from our Content Security Policy, which will in turn protect against some injection attacks.

Plus it’s way cleaner.

This includes all text within <script> tags, any event attributes like onclick in a tag, and the style attribute of tags. Elements should instead be identified by class or other attribute and have event handles and styles attached based on those identifiers from separate files (which can be independently checked for integrity)

Removing inline javascript and CSS will allow us to remove unsafe sources from our Content Security Policy, which will in turn protect against some injection attacks. Plus it's way cleaner. This includes all text within \<script> tags, any event attributes like onclick in a tag, and the style attribute of tags. Elements should instead be identified by class or other attribute and have event handles and styles attached based on those identifiers from separate files (which can be independently checked for integrity)
spaghetti added the
Security
label 4 years ago
spaghetti added the
Enhancement
label 4 years ago
spaghetti added the
Migrated Issue
label 4 years ago
spaghetti added the
In Progress
label 4 years ago
Sign in to join this conversation.
No Milestone
No Assignees
1 Participants
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
Cancel
Save
There is no content yet.