Project

General

Profile

Actions
Copy link

Bug #13600

open

CSP violation with WMenuItem

Added by Steven Köhler 8 days ago. Updated 8 days ago.

Status:
Review
Priority:
Normal
Assignee:
-
Target version:
4.11.4
Start date:
03/03/2025
Due date:
% Done:

0%

Estimated time:

Description

While trying out the new nonce functionality, I noticed a Content Security Policy violation. Here is an attached screenshot of the error message.

It occured with a WPopupMenu widget while clicking one of the items. I could also reproduce the issue with WNavigationBar, WMenu and WTabWidget - basically everything that uses WMenuItem, which is represented by an <a> tag. The issue itself seems to be caused by the href="javascript:void(0);" attribute. Since this is intended to do nothing, the functionality of the widget itself is not impared, but everytime an item is selected a CSP violation error is logged in the browser console.

Best regards,
Steven

Files

csp-err.PNG (34.5 KB) csp-err.PNG Steven Köhler, 03/03/2025 09:54 AM
Actions
Copy link
 #1

Updated by Matthias Van Ceulebroeck 8 days ago

  • Target version set to 4.11.4

Hello Steven,

that does indeed seem like something missed in #13501. I believe those were added to make tabbing over those elements work correctly. We'll look into alternatives for it.

Best,
Matthias

Actions
Copy link
 #2

Updated by Romain Mardulyn 8 days ago

  • Status changed from New to InProgress
  • Assignee set to Romain Mardulyn
Actions
Copy link
 #3

Updated by Romain Mardulyn 8 days ago

  • Status changed from InProgress to Review
  • Assignee deleted (Romain Mardulyn)
Actions
Copy link

Also available in: Atom PDF