Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

onclick handlers incompatible with Content-Security-Policy #31

Open
minusdavid opened this issue Aug 24, 2023 · 1 comment
Open

onclick handlers incompatible with Content-Security-Policy #31

minusdavid opened this issue Aug 24, 2023 · 1 comment

Comments

@minusdavid
Copy link
Contributor

Hi folks,

I'm working on implementing a Content-Security-Policy on the Koha project (https://github.com/Koha-Community/Koha) and it looks like we're using this MIDI player.

When you use a Content-Security-Policy to prevent inline Javascript from running, inline event handlers like onclick won't work anymore.

We could replace the onclick handlers found around https://github.com/rism-digital/midi-player/blob/master/player/midiplayer.js#L386 with addEventListener() calls and all should work well.

I'm happy to look at writing a patch and sending in a pull request.

@minusdavid
Copy link
Contributor Author

Pull request available at #32

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant