[wp-trac] [WordPress Trac] #51407: Remove inline event handlers and JavaScript URIs for Strict CSP-compatibility
WordPress Trac
noreply at wordpress.org
Wed Sep 30 08:04:09 UTC 2020
#51407: Remove inline event handlers and JavaScript URIs for Strict CSP-
compatibility
-------------------------------------------------+-------------------------
Reporter: enricocarraro | Owner:
| adamsilverstein
Type: enhancement | Status: assigned
Priority: normal | Milestone: Awaiting
| Review
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion has-unit- | Focuses: javascript
tests |
-------------------------------------------------+-------------------------
Comment (by enricocarraro):
As suggested by @adamsilverstein, here's a list of page changes:
1. Comment: Invalid Comment ID 'Go Back' button
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-8c9ed6b351c85b285dfaae508e58600aL74 `src/wp-admin/comment.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-0bd2285385649a05529ec2bb0267b8a3R1942
`src/js/_enqueues/admin/common.js`]
2. Custom Image Header: 'Blog Name' anchor
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-6afbe55113d8e64268ac40ae73e1606dL530 `src/wp-admin/includes/class-
custom-image-header.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-a22208be2604e977c17437cb2f97f3f2R30 `src/js/_enqueues/admin/custom-
header.js`]
3. Link Manager: 'Delete' button
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-f5fcf87500d0e6bd4236948419467393L332 `src/wp-admin/includes/class-
wp-links-list-table.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-48f7c5b6f32dc3a6df7e439311a76380R16 `src/js/_enqueues/admin/link-
manager.js`]
4. Link details: 'Delete' button
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-62eb47eb7fc2599dbdb79b82660d7fa3L1073 `src/wp-admin/includes/meta-
boxes.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-6d1e20d2b7fb2b8795a9ca77a955bdddR46
`src/js/_enqueues/admin/link.js`]
5. Media details view: 'Delete' button
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-791daa8f324d2c9aabc1a122031f605bL1696 `src/wp-
admin/includes/media.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-95f3a192c1e922bd754de460560aabf5R33 `src/js/_enqueues/admin/media-
events.js`]
6. Media details: 'Edit Image' button
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-791daa8f324d2c9aabc1a122031f605bL1642 `src/wp-
admin/includes/media.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-95f3a192c1e922bd754de460560aabf5R22 `src/js/_enqueues/admin/media-
events.js`]
7. Media details: 'Cancel' delete button
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-791daa8f324d2c9aabc1a122031f605bL1701 `src/wp-
admin/includes/media.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-95f3a192c1e922bd754de460560aabf5R42 `src/js/_enqueues/admin/media-
events.js`]
8. Media details: Use Featured Image
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-791daa8f324d2c9aabc1a122031f605bL1730 `src/wp-
admin/includes/media.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-95f3a192c1e922bd754de460560aabf5R51 `src/js/_enqueues/admin/media-
events.js`]
9. Async Upload: 'Cancel' button
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-791daa8f324d2c9aabc1a122031f605bL2228 `src/wp-
admin/includes/media.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-95f3a192c1e922bd754de460560aabf5R63 `src/js/_enqueues/admin/media-
events.js`]
10. Gallery Upload form: 'Insert gallery' and 'Update gallery settings'
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-791daa8f324d2c9aabc1a122031f605bL2646 `src/wp-
admin/includes/media.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-95f3a192c1e922bd754de460560aabf5R75 `src/js/_enqueues/admin/media-
events.js`]
11. Media Insert URL Form: Component
* Originally in [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-791daa8f324d2c9aabc1a122031f605bL2919 `src/wp-
admin/includes/media.php`]
* Moved to [https://github.com/enricocarraro/wordpress-
develop/compare/inline_script_using_inline_js_function...inline_event_handlers_refactoring
#diff-95f3a192c1e922bd754de460560aabf5R83 `src/js/_enqueues/admin/media-
events.js`]
I will add items to the checklist as I go through the changes I made.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51407#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list