[wp-trac] [WordPress Trac] #32067: Remove inline javascript from WP-Core to allow CSP protection
WordPress Trac
noreply at wordpress.org
Wed Apr 22 21:26:48 UTC 2015
#32067: Remove inline javascript from WP-Core to allow CSP protection
-----------------------------+------------------------------
Reporter: tdelmas | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Changes (by johnbillion):
* type: enhancement => feature request
Comment:
Thanks for the ticket, tdelmas.
The majority of inline JS in WordPress is there to deliver localised
strings (via `wp_localize_script()`).
The only way we could eliminate these particular inline scripts is to
generate external JS files on the fly which contain the contents of the
scripts that would otherwise be output inline. We could do this, but it
would need a completely new approach to localised strings. This has been
mentioned before but I can't currently find the ticket in question.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32067#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list