Comments (2)
Currently, GWT requires unsafe-inline
(and also using the direct_install
linker; see #9725). It should be possible to instead use the hashes for all possible scripts, but obtaining them is not that easy (could be possible using an additional linker maybe?)
Using a nonce might be possible by subclassing CrossSiteIframeLinker and replacing the getJsRunAsync
and getJsInstallScript
.
It might also be possible to only use <script src>
by subclassing CrossSiteIframeLinker and replacing the getJsRunAsync
and wrapDeferredFragment
.
from gwt.
If you can add a nonce to load your js script, I think you can use 'stric-dynamic' to prevent the error on appendChild()
According to https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP#browser_compatibility 'strict-dynamic' is supported by major browsers except 'Firefox for Android'
from gwt.
Related Issues (20)
- Add compiler implementation, JRE emulation, and tests for Java 16 record types
- EZT doclet doesn't use jpms modules in links
- Error running java 17+ byte code in devmode server HOT 5
- Is there a way to secure GWT RPC service APIs from vulnerability attacks like Stored cross site scripting? HOT 2
- Looking for a solution to authorize and secure GWT RPC API calls HOT 2
- Java 9 BigInteger constructors with offset/length params missing HOT 4
- RequestFactory tests fails under java 21 due to changes in the List API
- GWT release with Jetty 11.x HOT 2
- Remove general usage of Window `unload` event
- Explore options to update `long` emulation
- Enum and Enum[] can't be received on Java 21
- Properties defined with JsProperty are not enumerable, do not work with spread operator HOT 1
- java.io.Reader.read(char[] buf/char[] buf, int off, int len) must throw IOException
- GWT compile errors when trying to build with GWT 2.10 or 2.11 HOT 14
- Finish removing deprecated SynchronousFragmentLoadCallback
- Explore eagerly initializing selected classes HOT 2
- GWT 2.12 deprecations/removals HOT 1
- Can't set UNNECESSARY roundingMode HOT 3
- Error on compile Java 8 - GWT 2.11 HOT 3
- Optimize out casts that must succeed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gwt.