zhaoweikai / flot

Automatically exported from code.google.com/p/flot
MIT License

CSP Compatibility #749

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Currently, as it stands, flot is not compatible with the strict modes of the 
new HTML5 Content Security Policy.

CSP is designed to impose strict restrictions on the scope of damage that can 
be done in the event of XSS and various other content injections. The full spec 
can be found here: http://www.w3.org/TR/CSP/

As it's currently implemented, flot requires unsafe-inline styles due to the 
recurring uses of style="..." throughout the JavaScript. This can either be 
resolved through issue 748 or by using JavaScript to apply the styles directly.

If the enhancement detailed in issue 748 is not desired I will write the 
patches required for CSP compliance using only JavaScript.

Original issue reported on code.google.com by anthonyr...@gmail.com on 31 Aug 2012 at 10:03
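
An added example, not part of the original issue and not flot's own code, of the second option in the report above: applying styles from JavaScript. With a `style-src` policy that omits `'unsafe-inline'`, a `style="..."` attribute in an HTML string is blocked, while properties set through the CSSOM (`element.style.setProperty`) are not. The helper names `parseDeclarations`, `applyStyles` and `makeLabel` are hypothetical.

```javascript
// Hypothetical helpers (added example, not flot code).
// Pattern that needs 'unsafe-inline' (shown as a comment only):
//   container.innerHTML = '<div style="position:absolute;top:5px">' + text + '</div>';

// Split a declaration list such as "position:absolute;top:5px" into
// [property, value, priority] triples. Each declaration is split on its first
// colon only. Limitation: values that themselves contain ';' (for example
// data: URLs) are not handled.
function parseDeclarations(styleText) {
  const out = [];
  for (const chunk of styleText.split(";")) {
    const idx = chunk.indexOf(":");
    if (idx === -1) continue;                 // empty or malformed chunk
    let prop = chunk.slice(0, idx).trim();
    // Custom properties (--name) are case-sensitive; ordinary ones are not.
    if (!prop.startsWith("--")) prop = prop.toLowerCase();
    let value = chunk.slice(idx + 1).trim();
    if (!prop || !value) continue;
    let priority = "";
    const m = /\s*!important$/i.exec(value);
    if (m) {
      value = value.slice(0, m.index);
      priority = "important";
    }
    out.push([prop, value, priority]);
  }
  return out;
}

// Apply the declarations through the CSSOM instead of a style attribute.
function applyStyles(el, styleText) {
  for (const [prop, value, priority] of parseDeclarations(styleText)) {
    el.style.setProperty(prop, value, priority);
  }
  return el;
}

// Build a label without any HTML string: the element is created through the
// DOM API and the text goes in via textContent, so it is never parsed as markup.
function makeLabel(doc, text, styleText) {
  const div = doc.createElement("div");
  div.textContent = text;
  return applyStyles(div, styleText);
}
```

In a browser, `doc` is `document`; existing `style="..."` strings can be passed to `applyStyles` unchanged while the string-built markup is migrated.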

GoogleCodeExporter commented 9 years ago
This would also be addressed by Issue 519, which could be considered an 
opposite of issue 748, and possibly more preferable.

Original comment by anthonyr...@gmail.com on 31 Aug 2012 at 10:11

GoogleCodeExporter commented 9 years ago
Accepted, but classifying as an enhancement, since this is currently far from 
required.  May merge into issue 748 as necessary.

Original comment by dnsch...@gmail.com on 7 Sep 2012 at 9:46