Yeah, but I *think* that one can be solved without affecting editors.. Building something to let them style, but in a way that inline css isn't allowed by the CSP is something I haven't figured out yet.
On Sat, Aug 17, 2013 at 2:11 PM, Tyler Romeo <[email protected]> wrote: > Also inline JavaScript, which MediaWiki has a lot of for the > ResourceLoader. > On Aug 17, 2013 5:10 PM, "Chris Steipp" <[email protected]> wrote: > > > Inline css (<div style="...") > > > > > > On Sat, Aug 17, 2013 at 2:09 PM, David Gerard <[email protected]> wrote: > > > > > On 17 August 2013 22:08, Chris Steipp <[email protected]> wrote: > > > > > > > A strong CSP is #3 on my most-wanted list of security features (after > > > https > > > > and better password hashing). However, that would likely limit things > > > like > > > > editors adding css into their edits, which is pretty controversial. > > > > > > > > > Do you mean adding user/site CSS, or do you mean other edits? > > > > > > > > > - d. > > > > > > _______________________________________________ > > > Wikitech-l mailing list > > > [email protected] > > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > > > > _______________________________________________ > > Wikitech-l mailing list > > [email protected] > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
