View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0019501 | mantisbt | roadmap | public | 2015-03-14 15:40 | 2015-03-16 16:12 |
Reporter | dregad | Assigned To | dregad | ||
Priority | low | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.3.0-beta.1 | ||||
Target Version | 1.3.0-beta.2 | Fixed in Version | 1.3.0-beta.2 | ||
Summary | 0019501: The progress bar in Roadmap is broken | ||||
Description | Color always fills 100% of the bar, regardless of actual progress percentage | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
This is caused by CSP blocking inline styles. As a quick (maybe even final) fix we can change header to
The curious thing is that it works in FF and Safari, but Safari shows the following new error in console after the change |
|
Hi Roland, Thanks for your note. I know it's CSP... In fact I initially did just what you proposed below, but for security reasons I'd rather avoid adding style-src 'self' as a permanent solution, although I suppose it could be OK as temporary workaround. I started playing around with replacing the progress bar by a jQuery widget, which I think would be more elegant. |
|
|
|
Sorry, that's what I meant.
Why not ? I mean, we are bundling jQuery/jQueryUI... what's the point if we then refrain from using it ? EDIT: As a side note, I can't think of any way to achieve the colored progress bar without using inline style or javascript. If you have any ideas let me know. |
|
I thought about this some more, and I think that it is an acceptable risk to selectively enable inline styles for the roadmap page only, as a temporary workaround for this issue. We can revisit this later on. I'm still interested in hearing your opinion on use of jQuery though, but maybe the mailing list is a better channel for that discussion. |
|
Doing it the same way we are handling status colors should work (css/status_config.php) |
|
The problem with this approach, is that while the CSS is dynamically generated, it is still static from the perspective of the page using it, i.e. the classes are defined once when the DCSS is included. In the case of the progress bars, we are setting their width at run time. So, following this approach, the php script would have to generate 101 distinct CSS classes (one per percentage point), e.g. width0, width1, width2, etc until width100, to define all possible widths. That's easy enough, but not very efficient. |
|
You are right.
TBH, I like none of both approaches. Another approach could be to use HTML5 canvas or SVG.
I have personally no problem to require JavaScript to run MantisBT. Maybe we have even to enforce it in 1.3.x as there is at least one regression when disabling JavaScript, see 0019508. |
|
MantisBT: master 62bfce99 2015-03-15 14:53 Details Diff |
CSP: enable inline style for roadmap_page.php This is a quick&dirty workaround that resolves the issue of broken progress bars in the Roadmap, where color always fills 100% of the bar, regardless of the actual progress percentage. Fixes 0019501 |
Affected Issues 0019501 |
|
mod - core/http_api.php | Diff File |