sonata-project / SonataMediaBundle

Symfony SonataMediaBundle
https://docs.sonata-project.org/projects/SonataMediaBundle
MIT License

Remove inline scripts #1092

Closed core23 closed 3 years ago

core23 commented 8 years ago

For many reasons, we should remove all scripts from the templates. We could replace them with data listeners like in the page bundle: https://github.com/sonata-project/SonataPageBundle/pull/562.

General

Inline scripts couldn't be cached and would pollute the HTML output.

Security

There is also a security bundle which introduces some interesting information about security. You could completely disable inline script via an HTTP header to reduce possible XSS attacks.

For more information: http://www.w3.org/TR/CSP/

Todo

The following files contain inline scripts and should be removed in the next major release, because this is a BC break.
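Added example, not part of the issue and not SonataMediaBundle code: a heuristic scanner that lists the constructs a `script-src 'self'` policy would block in a template, which is one way to build the kind of file list the Todo refers to. The function name, the rule names and the sample template are hypothetical and constructed for illustration.

```javascript
// Policy that disables inline script: without 'unsafe-inline', a nonce or a
// hash, browsers refuse inline <script> bodies, on* attributes and
// javascript: URLs.
const CSP_HEADER = "Content-Security-Policy: script-src 'self'";

// Heuristic patterns for the constructs such a policy blocks. Regexes are not
// an HTML parser: review hits by hand (e.g. <script type="application/json">
// is data, not code, but is still reported here).
const RULES = [
  // <script> opening tag with no src attribute, i.e. an inline body
  { kind: "inline-script", re: /<script\b(?![^>]*\bsrc\s*=)[^>]*>/gi },
  // inline event handler attribute such as onclick="..."
  { kind: "event-handler", re: /<[a-z][^>]*\s(on[a-z]+)\s*=/gi },
  // javascript: URL in href/src/action
  { kind: "javascript-url", re: /\b(?:href|src|action)\s*=\s*["']?\s*javascript:/gi },
];

// Return [{kind, line}] for every blocked construct found in a template string.
function findInlineScripts(template) {
  const findings = [];
  for (const { kind, re } of RULES) {
    for (const m of template.matchAll(re)) {
      // 1-based line number of the match start
      const line = template.slice(0, m.index).split("\n").length;
      findings.push({ kind, line });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample template (not taken from the bundle). The last line shows
// the CSP-compatible form: a data attribute read by a listener in an external file.
const SAMPLE = [
  '<script src="/bundles/app/media.js"></script>',
  '<a href="#" onclick="openGallery(1)">Open</a>',
  '<script>',
  '  initGallery({{ media.id }});',
  '</script>',
  '<a href="javascript:void(0)">Close</a>',
  '<a class="js-gallery" data-media-id="{{ media.id }}" href="#">Open</a>',
].join("\n");

for (const f of findInlineScripts(SAMPLE)) {
  console.log(`line ${f.line}: ${f.kind}`);
}
```
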

stale[bot] commented 4 years ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.