[www.kde.org] [Bug 379399] kde.org gets a D+ in observatory.mozilla.org

carl bugzilla_noreply at kde.org
Mon Jul 13 19:38:02 BST 2020


https://bugs.kde.org/show_bug.cgi?id=379399

carl <schwancarl at protonmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |schwancarl at protonmail.com
     Ever confirmed|0                           |1
             Status|REPORTED                    |CONFIRMED

--- Comment #1 from carl <schwancarl at protonmail.com> ---
We now get B+; it is progress but still not good. The biggest reason we get a
bad grade is that we don't have a Content Security Policy enabled.

I just added a basic one: default-src https: 'unsafe-inline', but to improve it
more we will need to hunt for all the instances of inline JS, for example
onclick="js code", and inline style, for example style="width: 800px". There are
tons of them in the generated changelogs, for example :(

-- 
You are receiving this mail because:
You are the assignee for the bug.
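
The hunt for inline JS and inline styles described in the comment above can be automated. The following is an added example, not part of the original message or of KDE's tooling: it lists the markup that keeps a policy dependent on 'unsafe-inline' and counts findings per CSP directive. The names `InlineAudit`, `audit` and `directives_needing_unsafe_inline` are hypothetical, and `SAMPLE` is constructed input.

```python
from collections import Counter
from html.parser import HTMLParser
# CSP directive that still needs 'unsafe-inline' for each kind of finding.
DIRECTIVE = {"inline-script": "script-src", "event-handler": "script-src",
             "javascript-url": "script-src", "style-block": "style-src",
             "style-attribute": "style-src"}

class InlineAudit(HTMLParser):
    """Collects (line, kind, detail) candidates that need review before tightening CSP."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]  # 1-based line where the tag starts
        if tag == "script" and "src" not in dict(attrs):
            self.findings.append((line, "inline-script", "<script>"))
        if tag == "style":
            self.findings.append((line, "style-block", "<style>"))
        for name, value in attrs:  # attribute names arrive lowercased
            value = (value or "").strip().lower()
            if name.startswith("on") and len(name) > 2:
                self.findings.append((line, "event-handler", f"{tag} {name}"))
            elif name == "style":
                self.findings.append((line, "style-attribute", f"{tag} style"))
            elif name in ("href", "src", "action") and value.startswith("javascript:"):
                self.findings.append((line, "javascript-url", f"{tag} {name}"))

def audit(html):
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

def directives_needing_unsafe_inline(findings):
    return Counter(DIRECTIVE[kind] for _, kind, _ in findings)

# Constructed sample page, reusing the two patterns quoted in the comment.
SAMPLE = """<html><head>
<script src="/js/main.js"></script>
<style>.changelog { margin: 0 }</style>
</head><body>
<table style="width: 800px"><tr><td>fix</td></tr></table>
<a href="#" onclick="toggle('details')">details</a>
<script>toggle('intro')</script>
<a href="javascript:void(0)">more</a></body></html>"""

if __name__ == "__main__":
    print(*audit(SAMPLE), directives_needing_unsafe_inline(audit(SAMPLE)), sep="\n")
```

Inline `<script>` elements holding data (for example JSON) are flagged too and need a manual look, since only executable blocks are affected by the policy.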

