[wp-trac] [WordPress Trac] #39941: Allow using Content-Security-Policy without unsafe-inline
WordPress Trac
noreply at wordpress.org
Fri Oct 23 15:56:17 UTC 2020
#39941: Allow using Content-Security-Policy without unsafe-inline
-------------------------------------------------+-------------------------
Reporter: tomdxw | Owner: (none)
Type: enhancement | Status: assigned
Priority: normal | Milestone: 5.7
Component: Security | Version: 4.8
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests needs-dev- | Focuses: javascript
note needs-refresh |
-------------------------------------------------+-------------------------
Comment (by enricocarraro):
I think it would be nice to have phpcs rule to prevent developers from
printing <script> tags without passing by `wp_get_script_tag()` or
`wp_get_inline_script_tag()`, thus breaking strict CSP-compatibility.
[https://github.com/WordPress/WordPress-Coding-Standards/pull/1956 Here] I
proposed a solution. Please, let me know what you think.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39941#comment:64>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list