Task #91216

closed

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Task #91785: Refactor and remove inline styles in backend

Replace <style> for compliance with CSP header

Added by TYPO3 GmbH TYPO3com almost 4 years ago. Updated about 3 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: Security
Target version: -
Start date: 2020-04-28
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 10
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

SVG is not loaded when the Content-Security-Policy header contains the widely used setting "style-src 'self';" because the browser must then refuse to load external files containing styles. In this case a black rectangle is displayed.
Using attributes instead of styles is compliant with CSP "style-src 'self';" and the file will be loaded.

This issue was automatically created from https://github.com/TYPO3/TYPO3.CMS/pull/247
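
An added example (not code from the TYPO3 pull request) of the change the description asks for: it moves class rules from an SVG's `<style>` element, and any `style=""` attributes, into presentation attributes. The function names, the supported-property subset and the sample icon are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)  # serialize without an ns0: prefix
# Subset of CSS properties that SVG also accepts as presentation attributes.
PRESENTATION = {"fill", "fill-opacity", "fill-rule", "stroke", "stroke-width",
                "stroke-linecap", "stroke-linejoin", "stroke-opacity", "opacity"}
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")

def parse_declarations(text):
    """'fill:#f00; stroke:none' -> {'fill': '#f00', 'stroke': 'none'}"""
    pairs = (part.partition(":") for part in text.split(";"))
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep and n.strip()}

def set_attributes(elem, decls):
    for name, value in decls.items():
        if name not in PRESENTATION:  # refuse rather than silently drop styling
            raise ValueError(f"no presentation attribute for {name!r}")
        elem.set(name, value)

def strip_styles(svg_text):
    """Return the SVG with <style> rules and style="" moved into attributes."""
    root = ET.fromstring(svg_text)
    rules = []  # (class name, declarations) in stylesheet order
    for parent in list(root.iter()):
        for child in [c for c in parent if c.tag == f"{{{SVG_NS}}}style"]:
            for selectors, body in RULE.findall(child.text or ""):
                for sel in (s.strip() for s in selectors.split(",")):
                    if not re.fullmatch(r"\.[\w-]+", sel):  # only ".class" handled
                        raise ValueError(f"unsupported selector {sel!r}")
                    rules.append((sel[1:], parse_declarations(body)))
            parent.remove(child)
    for elem in root.iter():
        classes = elem.get("class", "").split()
        for cls, decls in rules:
            if cls in classes:
                set_attributes(elem, decls)
        inline = elem.attrib.pop("style", None)  # inline style wins, so apply last
        if inline:
            set_attributes(elem, parse_declarations(inline))
    return ET.tostring(root, encoding="unicode")

# Constructed sample icon, not a file from the TYPO3 repository.
SAMPLE = ('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16">'
          '<style>.bg{fill:#ff8700} .fg,.line{fill:#fff;stroke:none}</style>'
          '<rect class="bg" width="16" height="16"/>'
          '<path class="fg" style="opacity:.5" d="M2 2h12v12H2z"/></svg>')
```

Selectors other than a single class, and properties outside the listed subset, raise `ValueError` so that an icon is never converted with part of its styling lost.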
