Skip to content

Fix csr problem #1104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Dec 7, 2022
Merged

Fix csr problem #1104

merged 4 commits into from
Dec 7, 2022

Conversation

@thet
Copy link
Member

@thet thet commented Dec 7, 2022

No description provided.

thet added 4 commits December 7, 2022 11:48
@thet
maint(core dom template): Warn about using dom.template due to a CSR …
989fa9f 
…probmel.

Warn about a problem of dom.template with a Content-Security-Policy set.
If a CSR rule is set then dom.template would break the code unless
'unsafe-eval' is allowed (which you wouldn't normally allow when using a CSR).
Therefore it is not recommended to use this template function.
@thet
breaking(pat-validation): Remove error-template option.
78c544b 
This is a breaking change.

Due to a Content-Security-Policy problem with dom.template when
unsafe-eval is not set - which you wouldn't set if possible - we had to
remove the error-template parameter. Instead the template is now defined
in a error_template method on the Patten class and can be customized by
subclassing and extending the pat-validation pattern or by patching it
via Pattern.prototype.
@thet
fix(pat-clone-code): Fix a Content-Security-Policy problem.
e38f987 
Do not use dom.template for the wrapper template to not get caught by
the browser's Content-Security-Policy. If set, a unsafe-eval error would
be thrown and the pattern refuse to run.
@thet
maint(pat-clone-code): Better example, correct documentation.
028ba07
@thet thet merged commit a9ba471 into master Dec 7, 2022
@thet thet deleted the fix-csr-problem branch December 7, 2022 11:06
@thet thet mentioned this pull request Dec 19, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thet