search

OFFLINE-GmbH / oc-gdpr-plugin

October CMS plugin to make websites GDPR and ePrivacy compliant
https://octobercms.com/plugin/offline-gdpr
MIT License
36 stars 20 forks source link

Remove inline onclick in components/cookiebanner/dismiss.htm #75

Open wordshop-git opened 3 years ago

wordshop-git commented 3 years ago 
<div class="gdpr-banner__dismiss">
    <button role="button" 
      tabindex="0" 
      aria-pressed="false"
      class="gdpr-banner__button--dismiss"
      onclick="document.querySelector('.gdpr-banner').remove()">&times;</button>
</div>

Could we change the above code to remove the onclick="" so we can more easily implement a good CSP with this plugin?

tobias-kuendig commented 3 years ago

You can easily override this partial and use whatever method you want to remove the banner on click. That's what partials are there for :wink:

wordshop-git commented 3 years ago

You can easily override this partial and use whatever method you want to remove the banner on click. That's what partials are there for 😉

That's what I did. But you guys make a CSP plugin would you not prefer your own plugins to work without having to run unsafe-inline ;)