-
Notifications
You must be signed in to change notification settings - Fork 285
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Non-inline JS #373
Comments
I don't think it will be possible because most of the actions that are related to yadcf must happen before the actions of datatables and in most cases it will prevent from the original dt action to happen (filter instead of sort) any way, I think that there are more fine grained solutions rather then using the |
Thanks for the reply! Unfortunately hashes and nonces are limited to Perhaps if I hard-coded a list of the inline scripts yadcf generates this could work though is a bit beefy: one would have to compute hashes for every inline handler (including one for each table/column as the values differ slightly) but seems possible to do |
I'm have the same issue. Any suggestions on a work around? |
Plus one - any changes possible here? |
I think #675 fixes this issue. |
I have merged @stringfellow PR, let me know how it works for you |
Currently in order to use yadcf with Content Security Policy one has to add the
unsafe-inline
policy due to the added on* attributes to the HTML (e.g.onchange
). From what I understand addingunsafe-inline
is suboptimal as it works around one of the nice safety features CSP providesWould it be possible/feasable to use
.on()
or similar for filtering instead of inline script?The text was updated successfully, but these errors were encountered: