https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38365
--- Comment #373 from Jonathan Druart <[email protected]> --- Created attachment 195269 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=195269&action=edit Bug 38365: Add "style-src-attr 'unsafe-inline';" to default policy This change adds "style-src-attr 'unsafe-inline';" to the default CSP policy. The reason is that we have a lot of inline styles throughout Koha, and it will take a long time to clean those up. Also, the WYSIWYG/TinyMCE editor injects inline styles, so it might not be possible to forbid unsafe inline styles in Koha. Signed-off-by: David Cook <[email protected]> Signed-off-by: Martin Renvoize <[email protected]> Signed-off-by: Lari Taskula <[email protected]> Signed-off-by: David Cook <[email protected]> Signed-off-by: Jonathan Druart <[email protected]> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
