Regular Labs home page

Tabs & Accordions

Search
Other Tabs & Accordions questions
Forum

Content Security Policy settings

Remco Bouwens's Avatar Remco Bouwens
1 year 1 month ago
Hi there,

I'm trying to make a Content Security Policy using the wizard at a website called report-uri.com. This wizard will show you the detected items on a website. I let it ran for a week and the detected items contained a lot of 'unsafe-inline', 'unsafe-eval' directives:

default-src 'unsafe-inline'
script-src-attr 'unsafe-inline'
script-src-elem 'unsafe-inline'
script-src 'unsafe-eval'
script-src 'unsafe-inline'
style-src-attr 'unsafe-inline'
style-src-elem 'unsafe-inline'
style-src 'unsafe-inline'

In my opinion the website will remain vulnerable when whitelisting these in the CSP. Are there specific directives that should have the 'unsafe-inline' or 'unsafe-eval' expressions for Tabs & Accordions to work properly?

Thanks in advance!
Peter van Westen's Avatar Peter van Westen ADMIN
1 year 1 month ago
Sorry, I have no idea what you are referring to.
Tabs & Accordions doesn't use any script-src-attr, script-src-elem, etc.
Please post a rating at the Joomla! Extensions Directory
Remco Bouwens's Avatar Remco Bouwens
1 year 1 month ago
Hi Peter,

In other words: Does Tabs & Accordions use inline scripts or styles?
Peter van Westen's Avatar Peter van Westen ADMIN
1 year 1 month ago
No, it doesn't.
Please post a rating at the Joomla! Extensions Directory
Remco Bouwens's Avatar Remco Bouwens
1 year 1 month ago
Thanks!
You can only post on the extension support forum if you have an active subscription and you log in

Buy a Pro subscription
Forgot your username?
Forgot your password?
Register