0021669: Charts have inline scripts

ID	Project	Category	View Status	Date Submitted	Last Update
0021669	mantisbt	security	public	2016-09-07 00:31	2016-10-30 23:22

Reporter	vboctor	Assigned To	syncguru
Priority	normal	Severity	block	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	2.0.0-beta.2
Target Version	2.0.0-rc.1	Fixed in Version	2.0.0-rc.1

Summary	0021669: Charts have inline scripts
Description	We should update the usage of chart.js to avoid using inline scripts so we don't have to relax CSP header constrains for such pages.
Tags	csp, modern-ui

MantisBT: master 0d00ae93 2016-10-16 16:06 syncguru Committer: vboctor Details Diff	Relocate inline JS code in graph plugin to separate file Fixes 0021669	Affected Issues 0021669
	add - plugins/MantisGraph/MantisGraph.js	Diff File
	mod - plugins/MantisGraph/MantisGraph.php	Diff File
	mod - plugins/MantisGraph/core/graph_api.php	Diff File
MantisBT: master 1496d17f 2016-10-19 17:29 syncguru Committer: vboctor Details Diff	Relocate and load graph JS files from plugin files dir Fixes 0021669	Affected Issues 0021669
	mod - plugins/MantisGraph/MantisGraph.php	Diff File
MantisBT: master c97b135f 2016-10-19 17:48 syncguru Committer: vboctor Details Diff	Remove CSP allowing inline js code Fixes 0021669	Affected Issues 0021669
	mod - plugins/MantisGraph/MantisGraph.php	Diff File

related to	0021651	closed	syncguru	Dropzone has inline scripts in View Issue page
related to	0020040	closed	syncguru	Replace jscalendar by a newer widget

syncguru 2016-10-16 20:08 developer ~0054245	PR: https://github.com/mantisbt/mantisbt/pull/919