Yeah, but I *think* that one can be solved without affecting editors.. Building something to let them style, but in a way that inline css isn't allowed by the CSP is something I haven't figured out yet.
On Sat, Aug 17, 2013 at 2:11 PM, Tyler Romeo tylerromeo@gmail.com wrote:
Also inline JavaScript, which MediaWiki has a lot of for the ResourceLoader. On Aug 17, 2013 5:10 PM, "Chris Steipp" csteipp@wikimedia.org wrote:
Inline css (<div style="...")
On Sat, Aug 17, 2013 at 2:09 PM, David Gerard dgerard@gmail.com wrote:
On 17 August 2013 22:08, Chris Steipp csteipp@wikimedia.org wrote:
A strong CSP is #3 on my most-wanted list of security features (after
https
and better password hashing). However, that would likely limit things
like
editors adding css into their edits, which is pretty controversial.
Do you mean adding user/site CSS, or do you mean other edits?
- d.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l