Transmission is going to be updating the WebUI to operate under a Content Security Policy in the future (see Transmission #5894). CSP imposes some constraints on the way things are coded in exchange for strong protection against XSS, clickjacking and other kinds of malicious activity.
This pull request does the brunt of the work preparing Shift for these changes. The new rules that will apply to all future changes include:
No eval() in JavaScript
No style attributes in HTML
No data URIs
To accomplish this, the following changes have been made:
Hide the element using prototype rather than style="display: none;"
Convert shift.png from data URI to static file and optimize
Convert background gradient from data URI to CSS gradient
The only remaining problem is going to be with the riffwave JavaScript library that's included which generates data URIs. There are two solutions available here and I will be happy to implement either of them:
Include a .wav file and load it with JavaScript.
Use the new AudioContext API (does not support Internet Explorer yet, but will eventually).
Please let me know how you would like to proceed with the riffwave problem.
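The three rules listed in the pull request can be checked mechanically before a policy is switched on. The following is an added example, not code from Shift or Transmission: RULES, findCspViolations and the sample files are hypothetical, and the sample content is constructed for illustration.

```javascript
// Added example. RULES and findCspViolations are hypothetical names,
// not part of Shift or Transmission.
const RULES = [
  // eval() needs 'unsafe-eval' in script-src; skip method calls such as obj.eval(
  { id: 'eval', exts: ['js', 'html'], re: /(^|[^.\w$])eval\s*\(/ },
  // style="..." attributes need 'unsafe-inline' in style-src
  { id: 'style-attr', exts: ['html'], re: /<[^>]*\sstyle\s*=/i },
  // data: URIs need the data: scheme allowed in img-src, media-src and so on
  { id: 'data-uri', exts: ['js', 'html', 'css'], re: /\bdata:[\w.+-]+\/[\w.+-]+[;,]/i },
];

// files: { "name.ext": "source text" } -> [{ file, line, rule, text }]
function findCspViolations(files) {
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    const ext = file.split('.').pop().toLowerCase();
    source.split(/\r?\n/).forEach((text, i) => {
      for (const rule of RULES) {
        // Only apply a rule to the file types where the pattern is meaningful.
        if (rule.exts.includes(ext) && rule.re.test(text)) {
          findings.push({ file, line: i + 1, rule: rule.id, text: text.trim() });
        }
      }
    });
  }
  return findings;
}

// Constructed sample input: one violating line and one compliant line per rule.
const SAMPLE = {
  'index.html': [
    '<div id="shift" style="display: none;"></div>',
    '<div id="shift-fixed" class="hidden"></div>',
  ].join('\n'),
  'shift.css': [
    '.logo { background: url(data:image/png;base64,AAAA); }',
    '.logo-fixed { background: url(shift.png); }',
    '.bar { background: linear-gradient(#fff, #ccc); }',
  ].join('\n'),
  'shift.js': [
    'var cfg = eval("(" + text + ")");',
    'var cfg2 = JSON.parse(text);',
    'var metadata = "x"; // no data URI here',
  ].join('\n'),
};

for (const f of findCspViolations(SAMPLE)) {
  console.log(`${f.file}:${f.line} [${f.rule}] ${f.text}`);
}
```

The check is line-based, so a tag whose style attribute sits on a different line from its opening bracket is not reported.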