[wp-trac] [WordPress Trac] #39941: Allow using Content-Security-Policy without unsafe-inline
WordPress Trac
noreply at wordpress.org
Tue Feb 6 15:02:33 UTC 2018
#39941: Allow using Content-Security-Policy without unsafe-inline
-------------------------+--------------------------
Reporter: tomdxw | Owner: johnbillion
Type: enhancement | Status: accepted
Priority: normal | Milestone: 5.0
Component: Security | Version: 4.8
Severity: normal | Resolution:
Keywords: | Focuses: javascript
-------------------------+--------------------------
Comment (by jrchamp):
@tomdxw I really like the idea here for inline. Can we extend it to
external scripts too? 'strict-dynamic' seems to be the gold standard.
https://www.w3.org/TR/CSP3/#strict-dynamic-usage
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39941#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list