Task #87418

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Refactor and remove usage of inline scripts in backend

Added by Oliver Hader about 3 years ago. Updated 5 days ago.

Status:
In Progress
Priority:
Should have
Assignee:
-
Category:
Backend JavaScript
Start date:
2020-04-13
Due date:
% Done:

95%

Estimated time:
(Total: 0.00 h)
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Dynamically generated <script> tags must be avoided and refactored to be used as static resources, dynamic use-cases have to be controlled by applying according settings (e.g. data-attributes and/or JSON configuration).

Examples (these resources have not been verified in detail and the list is not completed):

Search criteria:

  • <script>
  • GeneralUtility::wrapJS
  • GeneralUtility::writeJavaScriptContentToTemporaryFile
  • Response::addAdditionalHeaderData

Subtasks

Task #91015: Reduce inline JavaScript in ext:beuserClosedOliver Hader2020-04-13

Actions
Task #91016: Reduce inline JavaScript in ext:filelistClosedOliver Hader2020-04-13

Actions
Task #91052: Reduce inline onchange events in backend scopeClosedOliver Hader2020-04-15

Actions
Task #91109: Reduce inline JavaScript in ext:redirects and ext:schedulerClosedOliver Hader2020-04-18

Actions
Task #91110: Remove superfluous onclick events in FormEngineClosedOliver Hader2020-04-18

Actions
Task #91111: Reduce inline JavaScript in QueryViewClosedOliver Hader2020-04-18

Actions
Task #91117: Use GlobalEventHandler and ActionDispatcher instead of inline JSClosedOliver Hader2020-04-18

Actions
Task #91120: Remove superfluous inline JavaScript assignment in ext:beuserClosedOliver Hader2020-04-18

Actions
Task #91122: Introduce DocumentService as JQuery.ready substituteClosed2020-04-18

Actions
Task #91123: Avoid inline JavaScript generated by BackendUtility:viewOnClickClosedOliver Hader2020-04-18

Actions
Task #91124: Add substitutes for module menu navigationClosedOliver Hader2021-05-04

Actions
Task #94058: Remove goToModule() inline JavaScript invocationsClosed2021-05-04

Actions
Task #94762: Introduce ModuleStateStorage replacing fsModClosed2021-08-09

Actions
Task #94828: Avoid errors when using ModuleStateStorageClosedBenni Mack2021-08-12

Actions
Task #91125: Add substitutes for declaring static inline settingsClosedOliver Hader2020-04-18

Actions
Task #91132: Reduce inline JavaScript in ext:setupClosedOliver Hader2020-04-19

Actions
Task #91191: Reduce inline JavaScript for refreshing backend componentsClosedOliver Hader2020-04-25

Actions
Task #91786: Replace RequireJS module loading and invocationResolvedOliver Hader2020-07-12

Actions
Task #91787: Deprecate and replace inline JavaScript in FormEngineClosedOliver Hader2020-07-12

Actions
Task #91795: Replace window.open with WindowManager & PreviewUriBuilderClosedOliver Hader2020-07-13

Actions
Task #91804: Remove inline JavaScript from backend paginate view helperClosedOliver Hader2020-07-15

Actions
Task #91815: Remove window.open inline JavaScriptClosedOliver Hader2020-07-17

Actions
Task #91820: Remove inline onclick code from MoveElementControllerClosedOliver Hader2020-07-17

Actions
Task #93899: Replace inline JS of FormEngine reload requestClosed2021-04-11

Actions
Task #94766: Remove obsolete inline JavaScript related to BE routingClosedBenni Mack2021-08-09

Actions
Task #94770: Avoid inline JavaScript in Constant EditorClosedBenni Mack2021-08-10

Actions
Task #94777: Avoid inline JavaScript in DatabaseRecordListClosedOliver Bartsch2021-08-10

Actions
Task #95200: Streamline requireJS usage in FormEngineClosed2021-09-12

Actions
Task #95260: Substitute inline onclick events for ShortcutMenuClosed2021-09-17

Actions
Task #95266: Remove inline JavaScript from Install ToolClosed2021-09-17

Actions
Task #95276: Clean up code & add deprecation commentsClosed2021-09-20

Actions
Task #95277: Refactor new content element realmClosed2021-09-20

Actions
Task #95278: Deprecate inline JavaScript in ModuleTemplate componentsClosed2021-09-20

Actions
Task #95873: Use explicit JavaScript module instructions in dashboardResolvedOliver Hader2021-11-04

Actions
Task #95874: Avoid JavaScript eval function in FormEngine AjaxDispatcherClosedOliver Hader2021-11-04

Actions
Task #95896: Remove inline JavaScript in ViewModuleResolvedTorben Hansen2021-11-07

Actions
Task #95953: Transform JavaScriptHander.js to be hybrid IIFE and AMDResolvedOliver Hader2021-11-10

Actions
Task #95954: Reduce inline JavaScript in FormEngine AJAX responsesResolvedOliver Hader2021-11-10

Actions
Task #95989: Avoid inline JavaScript in SchedulerResolvedOliver Hader2021-11-15

Actions
Task #96002: Avoid inline JavaScript in backend update signalsResolvedOliver Hader2021-11-16

Actions
Task #96003: Avoid inline JavaScript in DispatchNotificationHookResolvedOliver Hader2021-11-16

Actions
Task #96012: Avoid inline JavaScript in OpendocsToolbarItem::updateNumberOfOpenDocsHookResolved2021-11-17

Actions
Task #96018: Avoid inline JavaScript in f:be.menus.actionMenuResolvedOliver Hader2021-11-17

Actions
Task #96019: Avoid inline JavaScript in wizard EditControllerResolvedOliver Hader2021-11-17

Actions
Task #96020: Deprecate \TYPO3\CMS\Backend\Form\Behavior\OnFieldChangeInterfaceOn Hold2021-11-17

Actions
Task #96136: Deprecate inline JavaScript in backend update signalsResolved2021-11-29

Actions
Task #96158: Remove support for inline JavaScript in fieldChangeFuncResolved2021-11-30

Actions
Task #96185: Avoid inline JavaScript in LinkBrowserControllerResolved2021-12-02

Actions
Task #96187: Avoid CKEditor4 inline JavaScriptAccepted2021-12-02

Actions
Task #96524: Deprecate inline JavaScript in DashboardResolved2022-01-12

Actions
#1

Updated by Oliver Hader about 3 years ago

  • Tracker changed from Epic to Task
  • TYPO3 Version set to 10
#2

Updated by Georg Ringer almost 2 years ago

  • Status changed from New to Accepted
#3

Updated by Oliver Hader 2 months ago

  • Status changed from Accepted to In Progress

Also available in: Atom PDF