Task #91216
closed
Epic #87417: Integrate proper Content Security Policy (CSP) handling
Task #91785: Refactor and remove inline styles in backend
Replace <style> for compliance with CSP header
100%
Description
SVG is not loaded when the Content-Security-Policy header contains the widely used setting "style-src 'self';" because then the browser must rejects to load external files containing styles. In this case a black rectangle is displayed.
Using attributes instead of styles is compliant with CSP "style-src 'self';" and the file will be loaded.
This issue was automatically created from https://github.com/TYPO3/TYPO3.CMS/pull/247
Updated by Gerrit Code Review over 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64331
Updated by Gerrit Code Review over 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64331
Updated by
Updated by Riccardo De Contardi almost 4 years ago
quick search for the string style= inside the core files:
typo3/sysext/install/Resources/Public/Images/TestInput/Test.svg typo3/sysext/core/Tests/Functional/Imaging/Fixtures/file.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/information.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/content.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/modulegroup.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/files.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/apps.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/actions.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/install.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/mimetypes.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/default.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/miscellaneous.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/form.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/spinner.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/overlay.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/module.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/status.svg typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/avatar.svg typo3/sysext/redirects/Resources/Public/Icons/Extension.svg typo3/sysext/redirects/Resources/Public/Icons/mimetypes-x-sys_redirect.svg
should an issue on https://github.com/TYPO3/TYPO3.Icons be opened?
Updated by Gerrit Code Review almost 4 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64331
Updated by Gerrit Code Review almost 4 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64331
Updated by Gerrit Code Review almost 4 years ago
Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67693
Updated by Ute Flierl almost 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 8330dabbaf31c806c4ba346875c5ac1503d93abf.
Updated by