Closed core23 closed 3 years ago
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
For many reasons, we should remove all scripts from the templates. We could replace them with data listeners like in the page bundle: https://github.com/sonata-project/SonataPageBundle/pull/562.
General
Inline scripts couldn't be cached and would pollute the HTML output.
Security
There is also a security bundle which introduces some interesting information about security. You could completely disable inline script via an HTTP header to reduce possible XSS attacks.
For more information: http://www.w3.org/TR/CSP/
Todo
The following files contain inline scripts and should be removed in the next major release, because this is a BC break.
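
As an added example (not part of the original issue or of the project's code), the sketch below audits template source for everything a CSP header without `'unsafe-inline'` would refuse to run: inline `<script>` bodies, `on*` handler attributes and `javascript:` URLs. The function name, the sample template and the asset path are constructed for illustration, and the regex scan is a heuristic for finding candidates, not an HTML parser.

```javascript
// Added example; function names, sample template and asset path are constructed.
// A policy like this lets only same-origin script files run. Inline <script>
// bodies, on* handler attributes and javascript: URLs are refused.
const CSP_HEADER = "Content-Security-Policy: script-src 'self'";

const SCRIPT_TAG = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
const OPEN_TAG = /<[a-z][^<>]*>/gi;
const HANDLER = /\son[a-z]+\s*=/i;
const JS_URL = /\s(?:href|src|action)\s*=\s*["']?\s*javascript:/i;
const JS_TYPE = /^(?:module|text\/javascript|application\/javascript)$/i;

const lineOf = (text, index) => text.slice(0, index).split("\n").length;

function findInlineScript(source) {
  const findings = [];
  // Pass 1: <script> elements. Bodies are blanked (newlines kept) so markup
  // inside JavaScript strings is not mistaken for real tags in pass 2.
  const markup = source.replace(SCRIPT_TAG, (whole, attrs, body, offset) => {
    const type = /\btype\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    const executable = !type || JS_TYPE.test(type[1]); // JSON/template blocks never run
    if (executable && body.trim() !== "") {
      findings.push({ line: lineOf(source, offset), kind: "inline-script" });
    }
    const head = "<script".length + attrs.length + 1;
    return whole.slice(0, head) + body.replace(/[^\n]/g, " ") + whole.slice(head + body.length);
  });
  // Pass 2: attributes on ordinary tags.
  for (const tag of markup.matchAll(OPEN_TAG)) {
    const line = lineOf(markup, tag.index);
    if (HANDLER.test(tag[0])) findings.push({ line, kind: "event-handler" });
    if (JS_URL.test(tag[0])) findings.push({ line, kind: "javascript-url" });
  }
  return findings.sort((a, b) => a.line - b.line);
}

const SAMPLE_TEMPLATE = [
  `<script src="{{ asset('bundles/app/app.js') }}"></script>`,
  `<script type="application/json" id="cfg">{"a": 1}</script>`,
  `<script>`,
  `  document.write("<a onclick='x()'>y</a>");`,
  `</script>`,
  `<a href="#" onclick="return confirm('Delete?')">Delete</a>`,
  `<a href="javascript:void(0)" data-toggle="modal">Open</a>`,
  `<button data-confirm="Delete?">Delete</button>`,
].join("\n");

console.log(CSP_HEADER);
console.log(findInlineScript(SAMPLE_TEMPLATE));
```

The last sample line shows the data-attribute form the issue proposes as the replacement: it carries no script, so it produces no finding and keeps working under the policy once an external listener reads the attribute.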