[wp-trac] [WordPress Trac] #39941: Allow using Content-Security-Policy without unsafe-inline

WordPress Trac noreply at wordpress.org
Wed Feb 24 15:13:49 UTC 2021


#39941: Allow using Content-Security-Policy without unsafe-inline
-------------------------------------------------+-------------------------
 Reporter:  tomdxw                               |       Owner:
                                                 |  adamsilverstein
     Type:  enhancement                          |      Status:  closed
 Priority:  normal                               |   Milestone:  5.7
Component:  Security                             |     Version:  4.8
 Severity:  normal                               |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests commit      |     Focuses:  javascript
  has-dev-note                                   |
-------------------------------------------------+-------------------------

Comment (by Rahe):

 Hello,

 The wp_sanitize_script_attributes function seems to add complexity where
 there is none.
 We can replace the double if with a single if statement:
 {{{#!php
 if ( is_bool( $attribute_value ) && $attribute_value ) {
 ...
 }
 }}}

 Or remove the else and use a continue instead:
 {{{#!php
 if ( is_bool( $attribute_value ) && $attribute_value ) {
         $attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ) : ' ' . $attribute_name;
         continue;
 }

 $attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) );

 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39941#comment:95>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
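
Added example, not part of the ticket comment or of WordPress core: a stand-alone comparison of the "double if" loop body with the single-if-plus-continue form quoted above, run over constructed attribute arrays. The nested form is reconstructed from the comment's description, and `esc_attr_standin()`, `attrs_nested()` and `attrs_continue()` are hypothetical names used so the file runs outside WordPress.

```php
<?php
// Stand-in for WordPress's esc_attr(), an assumption so this runs without WordPress.
function esc_attr_standin( $text ) {
	return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
}

// Renders a boolean attribute that is true, as in the snippet from the comment.
function bool_attr( $name, $html5_script_support ) {
	return $html5_script_support
		? sprintf( ' %1$s="%2$s"', esc_attr_standin( $name ), esc_attr_standin( $name ) )
		: ' ' . $name;
}

// "Double if" form, reconstructed from the comment's description (assumption).
function attrs_nested( array $attributes, $html5_script_support ) {
	$out = '';
	foreach ( $attributes as $name => $value ) {
		if ( is_bool( $value ) ) {
			if ( $value ) {
				$out .= bool_attr( $name, $html5_script_support );
			}
		} else {
			$out .= sprintf( ' %1$s="%2$s"', esc_attr_standin( $name ), esc_attr_standin( $value ) );
		}
	}
	return $out;
}

// Single if plus continue, following the second snippet in the comment.
function attrs_continue( array $attributes, $html5_script_support ) {
	$out = '';
	foreach ( $attributes as $name => $value ) {
		if ( is_bool( $value ) && $value ) {
			$out .= bool_attr( $name, $html5_script_support );
			continue;
		}
		$out .= sprintf( ' %1$s="%2$s"', esc_attr_standin( $name ), esc_attr_standin( $value ) );
	}
	return $out;
}

// Constructed sample input: one array with a true boolean, one with a false boolean.
$samples = array(
	array( 'src' => 'https://example.test/app.js', 'nonce' => 'CONSTRUCTED-NONCE', 'async' => true ),
	array( 'src' => 'https://example.test/app.js', 'defer' => false ),
);
foreach ( $samples as $attributes ) {
	$a = attrs_nested( $attributes, true );
	$b = attrs_continue( $attributes, true );
	printf( "nested:   <script%s>\ncontinue: <script%s>\nsame: %s\n\n", $a, $b, $a === $b ? 'yes' : 'no' );
}
```

The two forms agree on the first sample and differ on the second: a boolean `false` is skipped by the nested form, while the continue form falls through and emits `defer=""`, which a browser treats as the attribute being present.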

