django-crispy-forms / crispy-bootstrap4

Bootstrap 4 template pack for django-crispy-forms
MIT License

CSP issues with file field #30

Open bryan-brancotte opened 1 week ago

bryan-brancotte commented 1 week ago

Hi all

The CSP compatibility has already been investigated for bootstrap 5, and I was wondering if we could also do it for bootstrap 4. I stumbled upon this compatibility issue some weeks ago.

Following the bootstrap doc by using the bs-custom-file-input plugin, I was able to remove the script tag (cf #29) and thus make the file field compatible with CSP. My question is whether or not we should remove the script tag, as it is a breaking change: all current setups of crispy with custom-file-input and without the plugin will not work visually anymore. In a setup with bootstrap 4.3, even with the plugin, the file chosen was not rendered; I had to update to 4.6. Would mentioning in the doc that we have to use bootstrap 4.6 and bs-custom-file-input or an equivalent be enough?

P.S.: by CSP compatible, I mean without using unsafe-inline

bryan-brancotte commented 1 week ago

P.S: I'll work on fixing the test if we go in the direction of removing the script tag
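
A regression check for the property discussed in this issue, as an added example that is not part of the thread or the project's code: it scans rendered form HTML for inline scripts and `on*` handlers, which a `script-src` policy without `unsafe-inline` blocks. The two sample renderings, the static file paths and the helper names are constructed for illustration, and scripts carrying a `nonce` are assumed to be allowed by the deployed policy.

```python
from html.parser import HTMLParser

# Constructed renderings of a Bootstrap 4 file input (not the pack's real output).
INLINE_RENDERING = """
<div class="custom-file">
  <input type="file" class="custom-file-input" id="id_doc" name="doc">
  <label class="custom-file-label" for="id_doc">Choose file</label>
  <script>document.getElementById("id_doc").onchange = function () {};</script>
</div>
"""
EXTERNAL_RENDERING = """
<div class="custom-file">
  <input type="file" class="custom-file-input" id="id_doc" name="doc">
  <label class="custom-file-label" for="id_doc">Choose file</label>
</div>
<script src="/static/js/bs-custom-file-input.min.js"></script>
<script src="/static/js/init-file-inputs.js"></script>
"""
EXECUTABLE_TYPES = {"", "text/javascript", "application/javascript", "module"}


class InlineCodeFinder(HTMLParser):
    """Collect markup that script-src without 'unsafe-inline' will block."""
    def __init__(self):
        super().__init__()
        self.violations = []      # (line number, description)
        self._script_line = None  # set while inside a candidate inline script

    def handle_starttag(self, tag, attrs):
        attrs, line = dict(attrs), self.getpos()[0]
        is_js = (attrs.get("type") or "").lower() in EXECUTABLE_TYPES
        if tag == "script" and is_js and not {"src", "nonce"} & attrs.keys():
            self._script_line = line  # assumes nonce'd scripts pass the policy
        self.violations += [(line, f"inline handler {n}") for n in attrs if n.startswith("on")]

    def handle_data(self, data):
        if self._script_line is not None and data.strip():
            self.violations.append((self._script_line, "inline <script> body"))
            self._script_line = None  # report each script once

    def handle_endtag(self, tag):
        self._script_line = None  # script content is raw text, so this ends it


def csp_inline_violations(html):
    finder = InlineCodeFinder()
    finder.feed(html)
    finder.close()
    return finder.violations
```

Run against every rendered field in a test suite, an empty result means the markup needs no `unsafe-inline` for `script-src`; inline `style` attributes fall under `style-src` and are not checked here.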