Task #87418
Epic #87417 (closed): Integrate proper Content Security Policy (CSP) handling
Refactor and remove usage of inline scripts in backend
Status: Closed
Priority: Should have
Assignee: -
Category: Backend JavaScript
Target version:
Start date: 2020-04-13
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
TYPO3 Version: 10
PHP Version:
Tags:
Complexity:
Sprint Focus:
Description
Dynamically generated <script> tags must be avoided and refactored to be used as static resources; dynamic use cases have to be controlled by applying the corresponding settings (e.g. data attributes and/or JSON configuration).
Examples (these resources have not been verified in detail and the list is not complete):
- from templates
  - https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/backend/Resources/Private/Templates/File/ReplaceFile.html#L20-L24
  - https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/backend/Resources/Private/Templates/NewContentElement/Main.html#L8-L10
  - https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/backend/Resources/Public/Html/Close.html#L8-L11
- from PHP sources
  - https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/backend/Classes/Form/FormResultCompiler.php#L285-L299
  - https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/backend/Classes/Controller/Wizard/EditController.php#L76
  - https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/backend/Classes/Form/Element/SelectTreeElement.php#L168
  - https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php#L1846-L1858
  - https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/scheduler/Classes/Task/TableGarbageCollectionAdditionalFieldProvider.php#L131-L133
  - https://github.com/TYPO3/TYPO3.CMS/blob/master/typo3/sysext/backend/Classes/Controller/LoginController.php#L352-L357
Search criteria:
- <script>
- GeneralUtility::wrapJS
- GeneralUtility::writeJavaScriptContentToTemporaryFile
- Response::addAdditionalHeaderData
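The refactoring the description asks for, as an added example that is not TYPO3 code and not part of the ticket: the server renders only a JSON data attribute, and a static script file parses and validates it, so no inline script is needed under a strict CSP. The attribute name data-module-settings, the action names and the function readSettings are hypothetical.

```javascript
// Added example with hypothetical names; this is not TYPO3 code.
// Before (needs 'unsafe-inline' in script-src):
//   <script>openWindow("SERVER_VALUE");</script>
// After (server renders data only, this static file interprets it):
//   <a data-module-settings='{"action":"openWindow","url":"/record/edit?id=5"}'>
const ALLOWED_ACTIONS = new Set(['openWindow', 'reload']);

// Parse and validate the JSON configuration carried by the data attribute.
// Returns a frozen settings object, or null when the input must be ignored.
function readSettings(element, origin) {
  const raw = element && element.dataset ? element.dataset.moduleSettings : undefined;
  if (typeof raw !== 'string') return null;
  let parsed;
  try {
    parsed = JSON.parse(raw); // treated as data only: no eval(), no new Function()
  } catch (e) {
    return null;
  }
  if (parsed === null || typeof parsed !== 'object') return null;
  if (!ALLOWED_ACTIONS.has(parsed.action)) return null;
  const settings = { action: parsed.action };
  if (parsed.action === 'openWindow') {
    if (typeof parsed.url !== 'string') return null;
    let url;
    try {
      url = new URL(parsed.url, origin);
    } catch (e) {
      return null;
    }
    // Reject javascript:, data: and cross-origin targets (their origin differs).
    if (url.origin !== origin) return null;
    settings.url = url.href;
  }
  return Object.freeze(settings);
}

// Browser wiring; skipped when no DOM is present (for example under Node).
if (typeof document !== 'undefined') {
  document.querySelectorAll('[data-module-settings]').forEach((el) => {
    el.addEventListener('click', (event) => {
      const settings = readSettings(el, window.location.origin);
      if (!settings) return;
      event.preventDefault();
      if (settings.action === 'reload') window.location.reload();
      else window.open(settings.url, '_blank', 'noopener');
    });
  });
}
```

The server side must still HTML-encode the JSON when writing it into the attribute; the validation here covers what the static script does with the value afterwards.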