View Issue Details

IDProjectCategoryView StatusLast Update
0021669mantisbtsecuritypublic2016-10-30 23:22
Reportervboctor Assigned Tosyncguru  
PrioritynormalSeverityblockReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.0.0-beta.2 
Target Version2.0.0-rc.1Fixed in Version2.0.0-rc.1 
Summary0021669: Charts have inline scripts
Description

We should update the usage of chart.js to avoid using inline scripts so we don't have to relax CSP header constrains for such pages.

Tagscsp, modern-ui

Relationships

related to 0021651 closedsyncguru Dropzone has inline scripts in View Issue page 
related to 0020040 closedsyncguru Replace jscalendar by a newer widget 

Activities

Related Changesets

MantisBT: master 0d00ae93

2016-10-16 16:06

syncguru

Committer: vboctor


Details Diff
Relocate inline JS code in graph plugin to separate file

Fixes 0021669
Affected Issues
0021669
add - plugins/MantisGraph/MantisGraph.js Diff File
mod - plugins/MantisGraph/MantisGraph.php Diff File
mod - plugins/MantisGraph/core/graph_api.php Diff File

MantisBT: master 1496d17f

2016-10-19 17:29

syncguru

Committer: vboctor


Details Diff
Relocate and load graph JS files from plugin files dir

Fixes 0021669
Affected Issues
0021669
mod - plugins/MantisGraph/MantisGraph.php Diff File

MantisBT: master c97b135f

2016-10-19 17:48

syncguru

Committer: vboctor


Details Diff
Remove CSP allowing inline js code

Fixes 0021669
Affected Issues
0021669
mod - plugins/MantisGraph/MantisGraph.php Diff File