Closed core23 closed 2 years ago
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
For many reasons, we should remove all scripts from the templates. We could replace them with data listerns like in the page bundle: https://github.com/sonata-project/SonataPageBundle/pull/562.
General
Inline scripts couldn't be cached and would pollute the html output.
Security
There is also a security bundle which introduces some interesting information about security. You could completly disable inline script via a http header to reduce possible XSS attacks.
For more information: http://www.w3.org/TR/CSP/
Todo
The following files contains inline scripts and should be removed in the next major release, because this is a BC break.