Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Remove a bit of inline CSS. Add CSP nonce where it might be required and is available.#8783

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
auvipy merged 1 commit intoencode:masterfromjuspence:remove-inline-css
Dec 2, 2022
Merged

Conversation

@juspence
Copy link
Contributor

(Copied from#7960, but nonce removed to avoid conflicts with user-defined policies)

Remove a few instances of inline CSS which could trigger Content Security Policies (CSPs) and replace with classes where required.

Part of#6069.

I've left JavaScript alone as it's covered by#5740 and#7016 (which I think are duplicates of each other?).

@juspencejuspence self-assigned thisNov 29, 2022
</nav>
{% endif %}

<divclass="request-info"style="clear: both"aria-label="{% trans"requestinfo" %}">
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

clear: both was already inrequest-info.

@juspence
Copy link
ContributorAuthor

@auvipy This is the same as#7960, but with the CSP nonce bit removed to avoid problems.

I will leave this open a few days. Please let me know if you'd like to review again or if I should merge.

@auvipyauvipy added this to the3.15 milestoneNov 30, 2022
Copy link
Collaborator

@auvipyauvipy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

would you mind sharing the screenshots please after this changes?

@juspence
Copy link
ContributorAuthor

@auvipy Sorry for the delayed response. Here's before:
Screenshot from 2022-12-01 22-49-56

And after:
Screenshot from 2022-12-01 22-53-57

@Mogost
Copy link

Mogost commentedJul 11, 2024
edited
Loading

@juspence@auvipy
In#7960 there was support for nonce.

<style{% if request.csp_nonce %} nonce="{{request.csp_nonce}}"{% endif %}>{{ code_style }}</style>

I do not understand the reason for removing this support in this PR

(Copied from#7960, but nonce removed to avoid conflicts with user-defined policies)

If there is norequest.csp_nonce there is no conflict because it does not addnonce attr. But if the project follows the strictest CSP with nonce BrowserableAPI is still broken.
Also, the PR and release notes include

Add CSP nonce where it might be required and is available.

Which is a lie.

@mrazzari
Copy link

mrazzari commentedJan 24, 2025
edited
Loading

This PR uses a bootstrap class for floats (pull-left) but theclear:both is included in bootstrap-tweaks.css.

This means if the user overrides the default themeas documented, the clear is gone, and all content boxes get stacked horizontally.

Solution: Description and paginator should be wrapped in a<div>.

Screenshot of the bug using "Flatly" Bootstrap theme:
Boxes are ugly and stacked horizontally, instead of vertically

@auvipy
Copy link
Collaborator

Would you mind sending a PR to fix this?

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@auvipyauvipyauvipy approved these changes

Assignees

@juspencejuspence

Projects

None yet

Milestone

3.15

Development

Successfully merging this pull request may close these issues.

5 participants

@juspence@Mogost@mrazzari@auvipy@craiga
[8]ページ先頭
©2009-2025 Movatter.jp