jQWidgets Forums
Forum Replies Created
is there an update to this topic?
Edit: sorry, haven’t seen this: http://jsfiddle.net/txhi/Lf16v5um/

November 10, 2019 at 6:26 pm in reply to: Content-Security-Policy compliance #107291

Hi Peter,
thank you for clarification.

With Regards,
The Deploy Duck

November 6, 2019 at 2:29 pm in reply to: Content-Security-Policy compliance #107258

Hi Peter,
what I mean is explained here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
Please scroll down to “Unsafe inline styles”.

One possibility is to use a hash – but only if the script isn’t dynamic.
The other possibility to allow inline CSS with CSP fully activated is to label the inserted CSS with a nonce like this:
<style nonce="2726c7f26c"> #inline-style { background: red; } </style>
In addition, the nonce must be entered in the header of the page in the corresponding Content Security Policy:
Content-Security-Policy: style-src 'nonce-2726c7f26c'
I understand that this could be difficult to implement in your product. But maybe the one described here is an approach that you could follow:
https://stackoverflow.com/questions/24713440/banned-inline-style-csp-and-dynamic-positioning-of-html-elements
Take a look at answer 17.

I took a quick look at the sources of jqxcore.js. In it I find “setAttribute” used.
Maybe that’s an approach. Should only be a suggestion.

Have a nice day
The Deploy Duck
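
The nonce and hash options described in the post above, as an added Node.js example that is not part of the original post and not jQWidgets code. The function names and the sample CSS strings are assumptions made for illustration, and inlineStyleAllowed is a simplified model of the browser's check rather than a full CSP implementation.

```javascript
// Added example, not jQWidgets code. Sample CSS strings are constructed.
const nodeCrypto = require('crypto');

// A nonce must be unguessable and regenerated for every response;
// a fixed value such as the one in the post is only illustrative.
function newNonce() {
  return nodeCrypto.randomBytes(16).toString('base64');
}

// Hash source for an inline <style> whose text never changes.
// The hash covers the exact element content, whitespace included.
function styleHash(cssText) {
  const digest = nodeCrypto.createHash('sha256').update(cssText, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Build the style-src directive: a nonce for dynamic styles, hashes for static ones.
function buildStyleSrc(nonce, staticCssBlocks = []) {
  const sources = [`'nonce-${nonce}'`, ...staticCssBlocks.map(styleHash)];
  return `style-src ${sources.join(' ')}`;
}

// Emit a <style> element carrying the nonce of the current response.
function styleTag(nonce, cssText) {
  return `<style nonce="${nonce}">${cssText}</style>`;
}

// Simplified model of the browser's decision for one inline <style> element:
// allowed if its nonce attribute or the hash of its content is listed.
function inlineStyleAllowed(directive, { nonce = '', cssText }) {
  const sources = directive.split(/\s+/).slice(1);
  return (nonce !== '' && sources.includes(`'nonce-${nonce}'`)) ||
    sources.includes(styleHash(cssText));
}

// One response: fresh nonce, header value, and the markup that matches it.
function renderResponse(dynamicCss, staticCss) {
  const nonce = newNonce();
  return {
    nonce,
    header: `Content-Security-Policy: ${buildStyleSrc(nonce, [staticCss])}`,
    body: styleTag(nonce, dynamicCss) + `<style>${staticCss}</style>`,
  };
}
```

A style block injected without the current response's nonce, or a static block whose text differs by even one space from the hashed text, fails the check.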

November 5, 2019 at 3:57 pm in reply to: Content-Security-Policy compliance #107247

Hello Peter,
thank you for your answer. I understand that it’s difficult to build such a great toolset without using inline CSS.

CSP for scripts is an absolute must-have from my point of view. In this regard, jqWidgets is absolutely exemplary.
CSP for inline CSS, in my estimation, is a less dramatic risk. Nevertheless, we are trying hard to maximize the security of our system because it involves medical data that should not fall into the wrong hands. Therefore, the question of whether you see a way to protect the used inline scripts by hash or nonce.
Thanks
The DeployDuck

August 28, 2019 at 5:49 pm in reply to: Add custom button to scheduler toolbar #106624

Hello Peter,
works perfectly.
Thank you.

Best Regards,
DeployDuck

July 16, 2019 at 1:16 pm in reply to: Using showfilterrow, groupable and autoloadstate #106091

Hello Todor,
can you please let me know as soon as there is a solution or workaround.
Thank you.

DeployDuck

July 12, 2019 at 4:11 pm in reply to: Using showfilterrow, groupable and autoloadstate #106058

Hello Todor,
thank you for your answer. I just read the docs but unfortunately I’m not quite smart, which is wrong with my approach. Sorry.
In order to clarify where my problem lies, I have created a simplified example that shows the faulty behavior.

https://jsfiddle.net/DeployDuck/y1p692re/
To reproduce the error, drag a column into the grouping area and then run again.
You receive the error message:

Uncaught TypeError: Cannot read property 'style' of undefined
    at d (jqx-all.js:97)
    at c.<computed>._updatefilterrowui (jqx-all.js:97)
    at c.<computed>._updatefilterrow (jqx-all.js:97)
    at c.<computed>._rendercolumnheaders (jqx-all.js:83)
    at c.<computed>.rendergridcontent (jqx-all.js:83)
    at c.<computed>._loadselectionandcolumnwidths (jqx-all.js:95)
    at c.<computed>.loadstate (jqx-all.js:95)
    at o (jqx-all.js:83)
    at b.jqx.dataview.dataview.update (jqx-all.js:83)
    at n (jqx-all.js:83)

I’m glad if you please point me to the right direction.
Many Thanks.

The DeployDuck