You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm working on implementing a Content-Security-Policy on the Koha project (https://github.com/Koha-Community/Koha) and it looks like we're using this MIDI player.
When you use a Content-Security-Policy to prevent inline Javascript from running, inline event handlers like onclick won't work anymore.
Hi folks,
I'm working on implementing a Content-Security-Policy on the Koha project (https://github.com/Koha-Community/Koha) and it looks like we're using this MIDI player.
When you use a Content-Security-Policy to prevent inline Javascript from running, inline event handlers like onclick won't work anymore.
We could replace the onclick handlers found around https://github.com/rism-digital/midi-player/blob/master/player/midiplayer.js#L386 with addEventListener() calls and all should work well.
I'm happy to look at writing a patch and sending in a pull request.
The text was updated successfully, but these errors were encountered: