View Issue Details

IDProjectCategoryView StatusLast Update
0021669mantisbtsecuritypublic2016-10-30 23:22
Reportervboctor 
Assigned Tosyncguru 
PrioritynormalSeverityblockReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.0.0-beta.2 
Target Version2.0.0-rc.1Fixed in Version2.0.0-rc.1 
Summary0021669: Charts have inline scripts
Description

We should update the usage of chart.js to avoid using inline scripts so we don't have to relax CSP header constrains for such pages.

Tagscsp, modern-ui

Relationships

related to 0021651 closedsyncguru Dropzone has inline scripts in View Issue page 
related to 0020040 closedsyncguru Replace jscalendar by a newer widget 

Activities

Related Changesets

MantisBT: master 0d00ae93

2016-10-16 20:06:53

syncguru


Committer: vboctor Details Diff
Relocate inline JS code in graph plugin to separate file

Fixes 0021669
add - plugins/MantisGraph/MantisGraph.js Diff File
mod - plugins/MantisGraph/MantisGraph.php Diff File
mod - plugins/MantisGraph/core/graph_api.php Diff File

MantisBT: master 1496d17f

2016-10-19 21:29:14

syncguru


Committer: vboctor Details Diff
Relocate and load graph JS files from plugin files dir

Fixes 0021669
mod - plugins/MantisGraph/MantisGraph.php Diff File

MantisBT: master c97b135f

2016-10-19 21:48:47

syncguru


Committer: vboctor Details Diff
Remove CSP allowing inline js code

Fixes 0021669
mod - plugins/MantisGraph/MantisGraph.php Diff File

Issue History

Date Modified Username Field Change
2016-09-07 00:31 vboctor New Issue
2016-09-07 00:31 vboctor Relationship added related to 0021651
2016-09-07 00:32 vboctor Tag Attached: modern-ui
2016-09-07 01:50 vboctor Relationship added related to 0020040
2016-09-07 01:51 vboctor Tag Attached: csp
2016-09-20 02:48 vboctor Severity minor => block
2016-09-20 12:38 atrol Target Version => 2.0.0-beta.3
2016-10-02 19:16 dregad Target Version 2.0.0-beta.3 => 2.0.0-rc.1
2016-10-16 20:03 syncguru Assigned To => syncguru
2016-10-16 20:03 syncguru Status new => assigned
2016-10-16 20:08 syncguru Note Added: 0054245
2016-10-17 02:04 vboctor Category reports => security
2016-10-19 22:12 vboctor Changeset attached => MantisBT master 0d00ae93
2016-10-19 22:12 vboctor Changeset attached => MantisBT master 1496d17f
2016-10-19 22:12 vboctor Changeset attached => MantisBT master c97b135f
2016-10-19 22:12 vboctor Assigned To syncguru => vboctor
2016-10-19 22:12 vboctor Status assigned => resolved
2016-10-19 22:12 vboctor Resolution open => fixed
2016-10-19 22:12 vboctor Fixed in Version => 2.0.0-rc.1
2016-10-19 22:13 vboctor Assigned To vboctor => syncguru
2016-10-30 23:22 vboctor Status resolved => closed