Bug #13600
closedCSP violation with WMenuItem
100%
Description
While trying out the new nonce functionality, I noticed a Content Security Policy violation. Here is an attached screenshot of the error message.
It occured with a WPopupMenu widget while clicking one of the items. I could also reproduce the issue with WNavigationBar, WMenu and WTabWidget - basically everything that uses WMenuItem, which is represented by an <a> tag. The issue itself seems to be caused by the href="javascript:void(0);" attribute. Since this is intended to do nothing, the functionality of the widget itself is not impared, but everytime an item is selected a CSP violation error is logged in the browser console.
Best regards,
Steven
Files
Updated by Matthias Van Ceulebroeck about 2 months ago
- Target version set to 4.11.4
Hello Steven,
that does indeed seem like something missed in #13501. I believe those were added to make tabbing over those elements work correctly. We'll look into alternatives for it.
Best,
Matthias
Updated by Romain Mardulyn about 2 months ago
- Status changed from New to InProgress
- Assignee set to Romain Mardulyn
Updated by Romain Mardulyn about 2 months ago
- Status changed from InProgress to Review
- Assignee deleted (
Romain Mardulyn)
Updated by Matthias Van Ceulebroeck 25 days ago
- Assignee set to Matthias Van Ceulebroeck
Updated by Matthias Van Ceulebroeck 16 days ago
- Status changed from Review to Implemented @Emweb
- Assignee changed from Matthias Van Ceulebroeck to Romain Mardulyn
- % Done changed from 0 to 100
Updated by Matthias Van Ceulebroeck 14 days ago
- Status changed from Implemented @Emweb to Implemented @Test
Updated by Matthias Van Ceulebroeck 14 days ago
- Status changed from Implemented @Test to Closed