github-code-scanning[bot] commented on code in PR #24262:
URL: https://github.com/apache/superset/pull/24262#discussion_r1213037371
##########
superset/templates/superset/theme.html:
##########
@@ -1340,7 +1340,7 @@
{% endblock %}
{% block tail_js %}
{{ super() }}
- <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script>
- <script
src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js";></script>
- <script src="{{ assets_prefix
}}/static/assets/stylesheets/less/cosmo/cosmoTheme.js"></script>
+ <script src="https://code.jquery.com/jquery-1.10.2.min.js"; nonce="{{
csp_nonce() }}"></script>
Review Comment:
## Inclusion of functionality from an untrusted source
Script loaded from content delivery network with no integrity check.
[Show more
details](https://github.com/apache/superset/security/code-scanning/1204)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
