search

lorenzofox3 / Smart-Table

Code source of Smart Table module: a table/grid for Angularjs
http://lorenzofox3.github.io/smart-table-website/
1.8k stars 513 forks source link

Content Security Policy: safe-src does not play nice with stPagination #799

Closed mh03r932 closed 6 years ago

mh03r932 commented 6 years ago

When a Website uses 

 'Content-Security-Policy':  script-src 'self'

but does not allow 'unsafe-inline' for scripts then browsers will produce an error when clicking on the a specific page-link in the pagination.

Refused to execute JavaScript URL because it violates the following Content Security Policy directive:   script-src 'self'

The reason for this is, that the stPagination has script links in its template

href="javascript: void(0);"

According to stackoverflow this warning can not be circumvented whith sha- hashes. So the only option is to allow unsafe-inline which is less than ideal.

Proposed solution

mh03r932 commented 6 years ago

I tried to implement my suggestion in this PR

800