Fix CSP issues by using CSSOM to reset styles when possible

kenwheeler / slick

the last carousel you'll ever need

kenwheeler.github.io/slick

MIT License

28.34k stars 5.88k forks source link

Fix CSP issues by using CSSOM to reset styles when possible #4100

Open JeanSebTr opened 3 years ago

JeanSebTr commented 3 years ago

This fix Content-Security-Policy issues for the most common cases (see #2399 and #3799).

That most common case being using slick without having the style attribute set on individual carousel items so that the reset of slick can remove all CSS props using the CSSOM APIs.

I'm not sure if test cases can be added for this.

kamodulin commented 3 years ago

Hi @JeanSebTr! I wanted to do this on my end since I don't know how long it will be before this is merged. I was just wondering if I only have to modify slick.js or do I also have to change slick.min.js? Thank you!

JeanSebTr commented 3 years ago

Hi @kamodulin ! It depends on how you're importing slick into your project. If you use slick.min.js, you'll have to build it and honestly, I did not manage to do so. I instead used Accessible360/accessible-slick which has a more modern build process.