Opened 5 years ago

Closed 3 years ago

#18271 closed enhancement (fixed)

move <script> from wml files to separate js files

Reported by: arma Owned by: hiro
Priority: Medium Milestone:
Component: Webpages/Website Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Right now we have <script> tags mixed with our other html in the wml files on the website.

Weasel believes that if we move the scripts to their own separate .js files, then we could enable a Content-Security-Policy header with script-src 'self', thus making it harder for xss injections.

This seems like a wise step to take.

Affected files include (and I think are limited to):
en/index.wml
donate/en/donate.wml
donate/en/donate-amazon.wml
docs/en/debian.wml
download/en/download-easy.wml
download/en/download.wml
docs/torbutton/en/index.wml

Child Tickets

Change History (4)

comment:1 Changed 5 years ago by Sebastian

I wonder if it is possible to mirror amazon's JS. other than that, I think this should be doable for script-src self

comment:2 Changed 4 years ago by Sebastian

Owner: changed from Sebastian to cypherpunks
Status: newassigned

comment:3 Changed 3 years ago by hiro

Owner: changed from cypherpunks to hiro

comment:4 Changed 3 years ago by hiro

Resolution: fixed
Status: assignedclosed

This is now complete.

Note: See TracTickets for help on using tickets.