[wp-trac] [WordPress Trac] #39941: Allow using Content-Security-Policy without unsafe-inline

WordPress Trac noreply at wordpress.org
Fri Oct 23 15:56:17 UTC 2020


#39941: Allow using Content-Security-Policy without unsafe-inline
-------------------------------------------------+-------------------------
 Reporter:  tomdxw                               |       Owner:  (none)
     Type:  enhancement                          |      Status:  assigned
 Priority:  normal                               |   Milestone:  5.7
Component:  Security                             |     Version:  4.8
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests needs-dev-  |     Focuses:  javascript
  note needs-refresh                             |
-------------------------------------------------+-------------------------

Comment (by enricocarraro):

 I think it would be nice to have phpcs rule to prevent developers from
 printing <script> tags without passing by `wp_get_script_tag()` or
 `wp_get_inline_script_tag()`, thus breaking strict CSP-compatibility.
 [https://github.com/WordPress/WordPress-Coding-Standards/pull/1956 Here] I
 proposed a solution. Please, let me know what you think.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39941#comment:64>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list