search

shadowkai97 / fauxbar

Automatically exported from code.google.com/p/fauxbar
0 stars 0 forks source link

Specify or reduce the need for a Content Security Policy #87

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Chrome 18 requires manifest_version 2 (currently only noticeable when 
attempting to debug with an unpacked version of Fauxbar), which breaks Fauxbar 
in its current state, due to inline scripting and styling being prohibited 
without a Content Security Policy, which Fauxbar does not currently have.

I can't easily debug Fauxbar on Chrome 18 until I remedy this.

I think I either need to:
a. Specify a Content Security Policy in the manifest that allows inline 
scripting and inline styling, or
b. Do not use any inline scripting (eg create new JavaScript files, or append 
to existing ones), nor use any inline stylesheets (would have to use the 
FileSystem API for saving CSS styles).

I'd prefer to do option A but I'm a bit stumped. Created 
http://stackoverflow.com/questions/8502307/chrome-18-how-to-allow-inline-scripti
ng-with-a-content-security-policy to seek help.

If you download Fauxbar with Chrome 18, it seems mostly okay, though there's an 
error in the background console around removing old site thumbnails. I can't 
tackle this error until I resolve this issue.

Original issue reported on code.google.com by fauxbar....@gmail.com on 14 Dec 2011 at 10:41

GoogleCodeExporter commented 8 years ago 
New CSP restrictions have been added to Chrome 18:
http://code.google.com/p/chromium/issues/detail?id=107538

I can retain inline stylesheets but will need to move inline scripts into files.

Original comment by fauxbar....@gmail.com on 14 Dec 2011 at 8:38

GoogleCodeExporter commented 8 years ago 
Okay, working on adding a CSP and changing files as needed.

Original comment by fauxbar....@gmail.com on 14 Dec 2011 at 9:56

GoogleCodeExporter commented 8 years ago 
Committed necessary changes for this:
http://code.google.com/p/fauxbar/source/detail?r=202
>This commit adds a Content Security Policy (CSP) and changes lots of files to
comply with this; basically moving all inline scripts (which Fauxbar had a lot
of!) into existing or new JavaScript files. Hardly worth releasing on its own,
but acts as a good checkpoint for further development.

Original comment by fauxbar....@gmail.com on 16 Dec 2011 at 8:19

GoogleCodeExporter commented 8 years ago 
Added in v1.2.5.

Original comment by fauxbar....@gmail.com on 17 Dec 2011 at 12:13