Обсуждение: [pgadmin-hackers] Content Security Policy

Поиск
Список
Период
Сортировка

[pgadmin-hackers] Content Security Policy

От
Jonas Thelemann
Дата:
Good day pgadmin-hackers,

my name is Jonas Thelemann and I just joined this mailing list. It's my first mailing list, so I try my best to not make any mistakes.
I joined because I want to contribute some small adjustments to pgadmin. More precisely to address CSP (Content Security Policy) issues.
I wanted to migrate from phppgadmin to pgadmin, because it's the more contemporary solution, it's possible to influence the development and because I had problems with my website's CSP restrictions with phppgadmin. The main problem is just that there is inline JavaScript on the html page(s) which is considered as insecure by CSP. This issue is very easy to eliminate though. All occurrences of '<script>foo</script>' - I counted three so far - have to be replaced with '<script src="bar"></script>'.
If no one else is currently "working" [that's not serious work, I know] on this and this can be realized, I'd like to make these small changes to get to know Git a little bit better.

Greetings from Germany,
Jonas Thelemann

Re: [pgadmin-hackers] Content Security Policy

От
Dave Page
Дата:
Hi

On Tue, Jan 10, 2017 at 8:51 AM, Jonas Thelemann
<e-mail@jonas-thelemann.de> wrote:
> Good day pgadmin-hackers,
>
> my name is Jonas Thelemann and I just joined this mailing list. It's my
> first mailing list, so I try my best to not make any mistakes.
> I joined because I want to contribute some small adjustments to pgadmin.
> More precisely to address CSP (Content Security Policy) issues.
> I wanted to migrate from phppgadmin to pgadmin, because it's the more
> contemporary solution, it's possible to influence the development and
> because I had problems with my website's CSP restrictions with phppgadmin.
> The main problem is just that there is inline JavaScript on the html page(s)
> which is considered as insecure by CSP. This issue is very easy to eliminate
> though. All occurrences of '<script>foo</script>' - I counted three so far -
> have to be replaced with '<script src="bar"></script>'.
> If no one else is currently "working" [that's not serious work, I know] on
> this and this can be realized, I'd like to make these small changes to get
> to know Git a little bit better.

Please feel free to submit a patch. I don't believe anyone is working on this.

Thanks, Dave.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company