[wp-trac] [WordPress Trac] #39941: Allow using Content-Security-Policy without unsafe-inline
WordPress Trac
noreply at wordpress.org
Tue Feb 2 20:54:08 UTC 2021
#39941: Allow using Content-Security-Policy without unsafe-inline
-------------------------------------------------+-------------------------
Reporter: tomdxw | Owner:
| adamsilverstein
Type: enhancement | Status: closed
Priority: normal | Milestone: 5.7
Component: Security | Version: 4.8
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests needs-dev- | Focuses: javascript
note |
-------------------------------------------------+-------------------------
Changes (by adamsilverstein):
* owner: (none) => adamsilverstein
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"50167" 50167]:
{{{
#!CommitTicketReference repository="" revision="50167"
Security: add Content-Security-Policy script loaders.
Add new functions `wp_get_script_tag`, `wp_print_script_tag`,
`wp_print_inline_script_tag` and `wp_get_inline_script_tag` that support
script attributes. Enables passing attributes such as `async` or `nonce`,
creating a path forward for enabling a Content-Security-Policy in core,
plugins and themes.
Props tomdxw, johnbillion, jadeddragoon, jrchamp, mallorydxw, epicfaace,
alinod, enricocarraro, ocean90.
Fixes #39941.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39941#comment:79>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list