Skip to content
This repository has been archived by the owner on Jan 31, 2023. It is now read-only.

Support Content Security Policy #68

Closed
akihikodaki opened this issue Apr 28, 2017 · 3 comments
Closed

Support Content Security Policy #68

akihikodaki opened this issue Apr 28, 2017 · 3 comments
Labels
enhancement

Comments

@akihikodaki
Copy link
Contributor

akihikodaki commented Apr 28, 2017
edited
Loading

The specification of Content Security Policy
describes as the following:

This document defines Content Security Policy, a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS).

To apply Content Security Policy, we need to set a nonce to style element appended by react-virtualized. I have made a change for react-virtualized. (bvaughn/react-virtualized#663)

emojione-picker is also required to be altered to correspond the change. I have also finished to create a change for emojione-picker fcb244d, but we may wait for a new version of react-virtualized including its Content Security Policy support.
@akihikodaki akihikodaki mentioned this issue Apr 28, 2017
Closed
2 tasks
@tommoor
Copy link
Owner

tommoor commented May 6, 2017

It seems like this is tied to #67 - perhaps both changes could be made at the same time?

@akihikodaki
Copy link
Contributor Author

Yes, just by replacing the change of package.json and yarn.lock in commit fcb244d. I will make a pull request soon.

@akihikodaki akihikodaki mentioned this issue May 6, 2017
Merged
@tommoor
Copy link
Owner

tommoor commented May 6, 2017

closed in d136819

@tommoor tommoor closed this as completed May 6, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tommoor @akihikodaki