[wp-trac] [WordPress Trac] #58664: Eliminate manual construction of script tags in WP_Scripts and of inline scripts on frontend/login screen
WordPress Trac
noreply at wordpress.org
Sun Aug 10 07:07:48 UTC 2025
#58664: Eliminate manual construction of script tags in WP_Scripts and of inline
scripts on frontend/login screen
-------------------------------------------------+-------------------------
Reporter: westonruter | Owner:
| westonruter
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.4
Component: Script Loader | Version: 6.3
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests has-dev- | Focuses: javascript
note |
-------------------------------------------------+-------------------------
Comment (by westonruter):
FYI: I've just published the "[https://wordpress.org/plugins/strict-csp/
Strict CSP]" plugin ([https://github.com/westonruter/strict-csp/ GitHub
repo]). It enables a Strict Content Security Policy on the frontend and
the login screen, assuming the theme and plugins are printing scripts
using the relevant APIs and not just printing `<script>` tags directly.
Once #59446 is addressed, then the plugin could also apply to the admin.
Hopefully the repo can serve as a way for us to collaborate on how a site
can opt-in to Strict CSP.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58664#comment:40>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list