The Emoticons and BBcode plugins no longer require an 'unsafe-inline' source
Replacement for href onclick HTML method in BBcode-toolbar and Emoticons-Toolbar
This nonce attribute can be used in plugins, templates and in the admin area to keep inline code working even with the stricter CSP version 3
Description
Scripts are integrated with a nonce (<script nonce="rAnd0m" ...>). The hexadecimal value is changed each time the page is called. The variable is located in the array $fp_config['plugins']['fpprotect']['random_hex'] and can be included in templates with {$fp_config.plugins.fpprotect.random_hex}.
If required, this nonce can be pushed into the HTML response header as a directive via the FPProtect plugin. The client browser then checks whether a nonce value is stored in the script directive and waves all scripts with the same nonce through as safe.
Note
To enable the FlatPress admin to migrate their own plugins and templates, the 'self' 'unsafe-inline' https: script directive is still active. I recommend completing the migration promptly and activating the default secure script directive to prevent XSS attacks on vulnerabilities in the scripts.
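An added illustration for the migration mentioned in the note (not FlatPress code): a small Python audit that scans Smarty template source for markup a nonce-only script directive would block. The sample template, the insBold() handler and the res/toolbar.js path are constructed, and it assumes templates reference the nonce through the Smarty variable shown above.

```python
from html.parser import HTMLParser

# Constructed sample template; insBold() and res/toolbar.js are made-up names.
SAMPLE = """<a href="#" onclick="insBold(); return false;">B</a>
<script>var x = 1;</script>
<script nonce="{$fp_config.plugins.fpprotect.random_hex}">var y = 2;</script>
<script nonce="rAnd0m">var z = 3;</script>
<script src="res/toolbar.js"></script>
<a href="javascript:void(0)">smile</a>
"""


class InlineScriptAudit(HTMLParser):
    """Collect markup that a nonce-only script directive would block."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, detail)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {name: (value or "") for name, value in attrs}
        if tag == "script" and "src" not in attrs:
            nonce = attrs.get("nonce")
            if nonce is None:
                self.findings.append((line, "inline-script-without-nonce", tag))
            elif "random_hex" not in nonce:
                # The real nonce changes on every page call, so a literal never matches.
                self.findings.append((line, "nonce-not-from-fpprotect", nonce))
        for name, value in attrs.items():
            if name.startswith("on"):
                # A nonce covers <script> elements, not on* handler attributes.
                self.findings.append((line, "inline-event-handler", f"{tag} {name}"))
            elif name in ("href", "src", "action") and \
                    value.strip().lower().startswith("javascript:"):
                self.findings.append((line, "javascript-url", f"{tag} {name}"))


def audit(template_source):
    """Return the findings for one template's source text."""
    parser = InlineScriptAudit()
    parser.feed(template_source)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE):
        print(f"line {line}: {kind} ({detail})")
```

Inline event handlers and javascript: URLs are reported separately because a nonce cannot authorise them; they have to be moved into nonced scripts or external files.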