dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 22dd581) | patch
resourceloader: Give module eval the ContentSecurityPolicy nonce
authorBrian Wolff <bawolff+wn@gmail.com>
Mon, 2 Jul 2018 06:19:43 +0000 (06:19 +0000)
committerKrinkle <krinklemail@gmail.com>
Tue, 7 Aug 2018 16:54:40 +0000 (16:54 +0000)
commit146e9c96ea85d309d7b2b851b4b4443e5bc18f91
tree19fee97bc9aada3aed41453bf655edc2287b6f35tree | snapshot
parent22dd581f10feae51d8c6fd33d272e34634511e69commit | diff
resourceloader: Give module eval the ContentSecurityPolicy nonce

Previously domEval didn't have CSP nonces, causing it to violate
the policy.

Also removes the meta tag scheme, as I could not make it compatible
with how RL storage works using domEval instead of real eval() and
it didn't provide much protection anyways.

Bug: T196923
Change-Id: I3cd2d7cc295c39b498d0bf37915d4ba167fdd48c
includes/ContentSecurityPolicy.php diff | blob | history
includes/OutputPage.php diff | blob | history
resources/src/startup/mediawiki.js diff | blob | history
tests/phpunit/includes/ContentSecurityPolicyTest.php diff | blob | history
Wiklou, le Wiki du Wiklou