[tor-bugs] #23432 [Webpages/Website]: Move CSP style attributes into external stylesheets
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 7 21:24:14 UTC 2017
#23432: Move CSP style attributes into external stylesheets
----------------------------------+--------------------
Reporter: cypherpunks | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Webpages/Website | Version:
Severity: Normal | Keywords: csp
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
----------------------------------+--------------------
Suggested by the Mozilla Observatory
https://observatory.mozilla.org/analyze.html?host=torproject.org
> Your current CSP policy allows the use of {{{'unsafe-inline'}}} inside
of {{{style-src}}}. Moving {{{style}}} attributes into external
stylesheets not only makes you safer, but also makes your code easier to
maintain.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23432>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list