Closed
Bug 1284979
Opened 8 years ago
Closed 8 years ago
Write test case to find obvious uses of inline javascript in the templates
Categories: Bugzilla :: Testing Suite, defect
Tracking: RESOLVED FIXED, Bugzilla 6.0
People: Reporter: dylan, Assigned: dylan
References: Blocks 1 open bug
Attachments: 1 file
We probably can't catch 100% of inline js, but we can catch a lot.
Ideally when this test passes, we should be able to disallow all inline JS.
Comment 1 • 8 years ago
Updated • 8 years ago (Assignee)
Attachment #8768514 - Flags: review?(dkl)
Comment 2 • 8 years ago (Assignee)
updated pull request so the test file is 016csp.t, rather than 015-csp.t
Comment 3 • 8 years ago
Comment on attachment 8768514: [bugzilla] dylanwh:bug-1284979 > bugzilla:master
lgtm. extract_delimited not used. fix on commit. r=dkl
Attachment #8768514 - Flags: review?(dkl) → review+
Comment 4 • 8 years ago (Assignee)
Comment on attachment 8768514: [bugzilla] dylanwh:bug-1284979 > bugzilla:master
added missing check for javascript: urls
Attachment #8768514 - Flags: review?(dkl)
Comment 5 • 8 years ago
Comment on attachment 8768514: [bugzilla] dylanwh:bug-1284979 > bugzilla:master
r=dkl
Attachment #8768514 - Flags: review?(dkl)
Comment 6 • 8 years ago (Assignee)
To github.com:bugzilla/bugzilla.git
2f4472f..2f35cf5 master -> master
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated • 8 years ago (Assignee)
Target Milestone: --- → Bugzilla 6.0
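
The kind of check this bug asks for, sketched as an added example (it is not the 016csp.t test from the pull request, and it is written in Python rather than the project's Perl): a heuristic scan of template text for `<script>` blocks without `src`, `on*` handler attributes, and the `javascript:` URLs mentioned in comment 4. The function name, the patterns and the sample template are constructed for illustration.

```python
import re

# Opening tags only; Template Toolkit directives ([% ... %]) inside a tag are
# tolerated as long as they contain no '<' or '>' (heuristic, not a parser).
TAG = re.compile(r"<[a-zA-Z][^<>]*>")
SCRIPT_OPEN = re.compile(r"<script\b", re.IGNORECASE)
HAS_SRC = re.compile(r"\bsrc\s*=", re.IGNORECASE)
# JSON data blocks are never executed, so CSP does not apply to them.
DATA_TYPE = re.compile(r"""\btype\s*=\s*["']?application/(?:ld\+)?json""", re.IGNORECASE)
QUOTED = re.compile(r"\"[^\"]*\"|'[^']*'")
EVENT_ATTR = re.compile(r"\s(on[a-z]+)\s*=", re.IGNORECASE)
JS_URL = re.compile(
    r"""\b(href|src|action|formaction)\s*=\s*["']?\s*javascript:""", re.IGNORECASE)

def find_inline_js(template_text):
    """Return (line, kind, detail) for each likely use of inline JavaScript."""
    findings = []
    for tag in TAG.finditer(template_text):
        text = tag.group(0)
        line = template_text.count("\n", 0, tag.start()) + 1
        if (SCRIPT_OPEN.match(text) and not HAS_SRC.search(text)
                and not DATA_TYPE.search(text)):
            findings.append((line, "inline-script", "script"))
        # Blank out quoted values so text such as value="onload=1" is not
        # mistaken for a handler attribute.
        bare = QUOTED.sub('""', text)
        for attr in EVENT_ATTR.findall(bare):
            findings.append((line, "event-handler", attr.lower()))
        for attr in JS_URL.findall(text):
            findings.append((line, "javascript-url", attr.lower()))
    return findings

# Constructed sample template, not taken from the Bugzilla source tree.
SAMPLE = '''\
<script src="[% urlbase %]js/util.js"></script>
<script type="application/json" id="cfg">{"a": 1}</script>
<script>
  var x = 1;
</script>
<a href="javascript:void(0)"
   onclick="toggle('x')">toggle</a>
<input name="q" value="set onload=1 here">
<form action="[% urlbase %]query.cgi" onsubmit="return check(this)">
'''

if __name__ == "__main__":
    for line, kind, detail in find_inline_js(SAMPLE):
        print(f"line {line}: {kind} ({detail})")
```

A scan like this misses handlers built by template directives or string concatenation, which matches the bug's expectation of catching a lot but not 100%.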