Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authtoken view uses javascript eval #11032

Closed
rullzer opened this issue Sep 3, 2018 · 2 comments
Closed

Authtoken view uses javascript eval #11032

rullzer opened this issue Sep 3, 2018 · 2 comments
Assignees
@rullzer
Labels
1. to develop Accepted and waiting to be taken care of enhancement
Milestone
Nextcloud 15

Comments

@rullzer
Copy link
Member

rullzer commented Sep 3, 2018
edited
Loading

For: https://github.com/orgs/nextcloud/projects/18

The settings page of AppPassword uses handlebars. This prevents a stricter CSP.
Best would be to move this over to vue.
@rullzer rullzer added enhancement 1. to develop Accepted and waiting to be taken care of labels Sep 3, 2018
@rullzer rullzer added this to the Nextcloud 15 milestone Sep 3, 2018
@rullzer
Copy link
Member Author

rullzer commented Sep 3, 2018

@skjnldsv this is part of settings but not a full page (like the other settings stuff). Could you suggest where to put this?

@nextcloud-bot

This comment has been minimized.

Sign in to view
@nextcloud-bot nextcloud-bot mentioned this issue Sep 3, 2018
Closed
rullzer added a commit that referenced this issue Sep 27, 2018
@rullzer
Compile handlebars template for AuthTokenView
d66e662 
Fixes #11032
For https://github.com/orgs/nextcloud/projects/18

Compile the default authtoken handlebars view.
This avoids runtime compilations (speed) and avoids unsafe eval calls
thus allowing a stricter CSP.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer mentioned this issue Sep 27, 2018
Merged
@rullzer rullzer self-assigned this Sep 27, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rullzer rullzer

Labels
1. to develop Accepted and waiting to be taken care of enhancement
Projects
None yet
Milestone
Nextcloud 15
Development

No branches or pull requests
2 participants
@rullzer @nextcloud-bot