Task #91216
closed
Epic #87417: Integrate proper Content Security Policy (CSP) handling
Task #91785: Refactor and remove inline styles in backend
Replace <style> for compliance with CSP header
Added by TYPO3 GmbH TYPO3com over 4 years ago.
Updated over 3 years ago.
Description
SVG is not loaded when the Content-Security-Policy header contains the widely used setting "style-src 'self';" because the browser must then refuse to load external files containing styles. In this case a black rectangle is displayed.
Using attributes instead of styles is compliant with CSP "style-src 'self';" and the file will be loaded.
This issue was automatically created from https://github.com/TYPO3/TYPO3.CMS/pull/247
- Status changed from New to Under Review
- Parent task set to #91785
Quick search for the string style= inside the core files:
typo3/sysext/install/Resources/Public/Images/TestInput/Test.svg
typo3/sysext/core/Tests/Functional/Imaging/Fixtures/file.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/information.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/content.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/modulegroup.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/files.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/apps.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/actions.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/install.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/mimetypes.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/default.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/miscellaneous.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/form.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/spinner.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/overlay.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/module.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/status.svg
typo3/sysext/core/Resources/Public/Icons/T3Icons/sprites/avatar.svg
typo3/sysext/redirects/Resources/Public/Icons/Extension.svg
typo3/sysext/redirects/Resources/Public/Icons/mimetypes-x-sys_redirect.svg
Should an issue on https://github.com/TYPO3/TYPO3.Icons be opened?
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
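The conversion the description refers to, as an added example that is not code from TYPO3 or the linked pull request: it moves inline style declarations in an SVG into presentation attributes and reports `<style>` elements and leftover declarations that still need manual rework. The `PRESENTATION` subset, the function name and the sample SVG are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
ET.register_namespace("", "http://www.w3.org/2000/svg")  # no ns0: prefix on output

# Subset of SVG presentation attributes (assumption: extend for your icon set).
PRESENTATION = {
    "fill", "fill-opacity", "fill-rule", "stroke", "stroke-width",
    "stroke-opacity", "stroke-linecap", "stroke-linejoin", "stroke-dasharray",
    "opacity", "display", "visibility", "stop-color", "stop-opacity",
    "font-family", "font-size", "font-weight", "text-anchor",
}


def convert_svg(svg_text):
    """Move inline style declarations into attributes; return (svg, findings)."""
    root = ET.fromstring(svg_text)
    findings = []
    for el in root.iter():
        tag = el.tag.split("}")[-1]
        if tag == "style":
            # Selector-based rules cannot be mapped mechanically.
            findings.append("<style> element: rewrite by hand")
            continue
        style = el.attrib.pop("style", None)
        if style is None:
            continue
        leftover = []
        # Naive split: assumes no ';' inside a value.
        for decl in filter(None, (d.strip() for d in style.split(";"))):
            prop, _, value = decl.partition(":")
            prop, value = prop.strip().lower(), value.strip()
            if prop in PRESENTATION and value and "!important" not in value:
                el.set(prop, value)  # inline style outranks the attribute, so it wins
            else:
                leftover.append(decl)
        if leftover:
            el.set("style", ";".join(leftover))
            findings.append(f"<{tag}> keeps style: {';'.join(leftover)}")
    return ET.tostring(root, encoding="unicode"), findings


# Constructed sample input, not one of the TYPO3 files.
SAMPLE = (
    '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16">'
    "<style>.a{fill:#fff}</style>"
    '<rect width="16" height="16" fill="#000" style="fill:#ff8700; opacity:.5"/>'
    '<path d="M2 2h4v4z" style="fill:none;stroke:#333;mix-blend-mode:multiply"/>'
    "</svg>"
)


if __name__ == "__main__":
    print(*convert_svg(SAMPLE), sep="\n")
```

Any file for which `findings` is non-empty still carries styles and should be reviewed by hand before relying on it under `style-src 'self'`.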