| author | 2016-02-21 19:15:23 +0100 | |
|---|---|---|
| committer | 2016-02-21 19:15:23 +0100 | |
| commit | cb913a3a76daf357ad36ca39c26b4aaf800211d2 (patch) | |
| tree | 99eec0a9021ed4dd829e95ee3fa61de349789e9b /app | |
| parent | b4864149889a749042d344625d4ffbdbd3f8a3cc (diff) | |
CSP for statistics and forms
https://github.com/FreshRSS/FreshRSS/issues/1075
Diffstat (limited to 'app')
| -rw-r--r-- | app/FreshRSS.php | 6 | ||||
| -rw-r--r-- | app/layout/aside_feed.phtml | 2 | ||||
| -rw-r--r-- | app/layout/nav_menu.phtml | 2 | ||||
| -rw-r--r-- | app/views/extension/index.phtml | 2 | ||||
| -rw-r--r-- | app/views/feed/add.phtml | 2 | ||||
| -rwxr-xr-x | app/views/helpers/pagination.phtml | 2 | ||||
| -rw-r--r-- | app/views/stats/idle.phtml | 2 | ||||
| -rw-r--r-- | app/views/stats/index.phtml | 10 | ||||
| -rw-r--r-- | app/views/stats/repartition.phtml | 10 | ||||
| -rw-r--r-- | app/views/subscription/index.phtml | 4 |
10 files changed, 23 insertions, 19 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index a6ed2a306..62ea18d96 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -111,7 +111,11 @@ class FreshRSS extends Minz_FrontController {
 }
 
 public static function preLayout() {
- header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'");
+ if (Minz_Request::controllerName() === 'stats') {
+ header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
+ } else {
+ header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
+ }
 }
 
 private function loadNotifications() {
diff --git a/app/layout/aside_feed.phtml b/app/layout/aside_feed.phtml
index 307db6af8..4e1903a7a 100644
--- a/app/layout/aside_feed.phtml
+++ b/app/layout/aside_feed.phtml
@@ -19,7 +19,7 @@
 <a href="<?php echo _url('index', 'about'); ?>"><?php echo _t('index.menu.about'); ?></a>
 <?php } ?>
- <form id="mark-read-aside" method="post" style="display: none"></form>
+ <form id="mark-read-aside" method="post" aria-hidden="true"></form>
 <ul class="tree">
 <li class="tree-folder category all<?php echo FreshRSS_Context::isCurrentGet('a') ? ' active' : ''; ?>">
diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml
index 3a755b560..0f303beb8 100644
--- a/app/layout/nav_menu.phtml
+++ b/app/layout/nav_menu.phtml
@@ -79,7 +79,7 @@
 ); ?>
- <form id="mark-read-menu" method="post" style="display: none"></form>
+ <form id="mark-read-menu" method="post" aria-hidden="true"></form>
 <div class="stick" id="nav_menu_read_all">
 <?php $confirm = FreshRSS_Context::$user_conf->reading_confirm ? 'confirm' : ''; ?>
diff --git a/app/views/extension/index.phtml b/app/views/extension/index.phtml
index f2d05028f..4b0d5ebeb 100644
--- a/app/views/extension/index.phtml
+++ b/app/views/extension/index.phtml
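Review bot: Neither new `header()` string in preLayout sets `form-action`, `frame-ancestors` or `base-uri`, and those directives do not fall back to `default-src`, so forms can still be submitted to any origin and the page can still be framed. If no template posts to another origin, appending `; form-action 'self'; frame-ancestors 'self'` to both policies would close that gap. The reason the stats controller alone keeps `'unsafe-inline'` for styles is not stated; a one-line comment above the `if`, such as `// stats: chart rendering still needs inline styles, so only this controller keeps style-src 'unsafe-inline'` (if that is indeed the reason), would stop a later cleanup from merging the branches. The shared `default-src 'self'` prefix could also be built once and the per-controller directives appended, so the two strings cannot drift apart.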
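Review bot: `aria-hidden="true"` is not a replacement for `style="display: none"`: it only removes the element from the accessibility tree, while the element still renders and anything inside it stays focusable. For the empty `<form>` elements in this hunk and in nav_menu.phtml, extension/index.phtml, helpers/pagination.phtml and stats/idle.phtml that is mostly harmless, but the `<span>` in feed/add.phtml and the `<li class="input">` in subscription/index.phtml wrap a text input that will now be visible and keyboard-reachable (while hidden from screen readers) unless a stylesheet outside this diff hides `[aria-hidden="true"]`. The HTML `hidden` attribute gives the old behaviour without inline CSS, e.g. `<form id="mark-read-aside" method="post" hidden></form>`, provided the script that later reveals these elements removes that attribute rather than only changing `style.display`.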
@@ -5,7 +5,7 @@
 <h1><?php echo _t('admin.extensions.title'); ?></h1>
- <form id="form-extension" method="post" style="display: none"></form>
+ <form id="form-extension" method="post" aria-hidden="true"></form>
 <?php if (!empty($this->extension_list['system'])) { ?>
 <h2><?php echo _t('admin.extensions.system'); ?></h2>
 <?php
diff --git a/app/views/feed/add.phtml b/app/views/feed/add.phtml
index 35f6fbb12..fd6d41b1d 100644
--- a/app/views/feed/add.phtml
+++ b/app/views/feed/add.phtml
@@ -56,7 +56,7 @@
 <option value="nc"><?php echo _t('sub.category.new'); ?></option>
 </select>
- <span style="display: none;">
+ <span aria-hidden="true">
 <input type="text" name="new_category[name]" id="new_category_name" autocomplete="off" placeholder="<?php echo _t('sub.category.new'); ?>" />
 </span>
 </div>
diff --git a/app/views/helpers/pagination.phtml b/app/views/helpers/pagination.phtml
index b20201c4b..7eca8c525 100755
--- a/app/views/helpers/pagination.phtml
+++ b/app/views/helpers/pagination.phtml
@@ -14,7 +14,7 @@
 ); ?>
-<form id="mark-read-pagination" method="post" style="display: none"></form>
+<form id="mark-read-pagination" method="post" aria-hidden="true"></form>
 <ul class="pagination">
 <li class="item pager-next">
diff --git a/app/views/stats/idle.phtml b/app/views/stats/idle.phtml
index 22117792d..11b7df8c4 100644
--- a/app/views/stats/idle.phtml
+++ b/app/views/stats/idle.phtml
@@ -18,7 +18,7 @@
 <div class="stat">
 <h2><?php echo _t('gen.date.' . $period); ?></h2>
- <form id="form-delete" method="post" style="display: none"></form>
+ <form id="form-delete" method="post" aria-hidden="true"></form>
 <?php foreach ($feeds as $feed) { ?>
 <ul class="horizontal-list">
diff --git a/app/views/stats/index.phtml b/app/views/stats/index.phtml
index c11b88999..0a2fbdb10 100644
--- a/app/views/stats/index.phtml
+++ b/app/views/stats/index.phtml
@@ -66,18 +66,18 @@
 <div class="stat">
 <h2><?php echo _t('admin.stats.entry_per_day'); ?></h2>
- <div id="statsEntryPerDay" style="height: 300px"></div>
+ <div id="statsEntryPerDay" class="statGraph"></div>
 </div>
 <div class="stat half">
 <h2><?php echo _t('admin.stats.feed_per_category'); ?></h2>
- <div id="statsFeedPerCategory" style="height: 300px"></div>
+ <div id="statsFeedPerCategory" class="statGraph"></div>
 <div id="statsFeedPerCategoryLegend"></div>
- </div><!--
+ </div>
- --><div class="stat half">
+ <div class="stat half">
 <h2><?php echo _t('admin.stats.entry_per_category'); ?></h2>
- <div id="statsEntryPerCategory" style="height: 300px"></div>
+ <div id="statsEntryPerCategory" class="statGraph"></div>
 <div id="statsEntryPerCategoryLegend"></div>
 </div>
 </div>
diff --git a/app/views/stats/repartition.phtml b/app/views/stats/repartition.phtml
index 980b26a3d..ffb2c361e 100644
--- a/app/views/stats/repartition.phtml
+++ b/app/views/stats/repartition.phtml
@@ -48,17 +48,17 @@
 <div class="stat">
 <h2><?php echo _t('admin.stats.entry_per_hour', $this->averageHour); ?></h2>
- <div id="statsEntryPerHour" style="height: 300px"></div>
+ <div id="statsEntryPerHour" class="statGraph"></div>
 </div>
 <div class="stat half">
 <h2><?php echo _t('admin.stats.entry_per_day_of_week', $this->averageDayOfWeek); ?></h2>
- <div id="statsEntryPerDayOfWeek" style="height: 300px"></div>
- </div><!--
+ <div id="statsEntryPerDayOfWeek" class="statGraph"></div>
+ </div>
- --><div class="stat half">
+ <div class="stat half">
 <h2><?php echo _t('admin.stats.entry_per_month', $this->averageMonth); ?></h2>
- <div id="statsEntryPerMonth" style="height: 300px"></div>
+ <div id="statsEntryPerMonth" class="statGraph"></div>
 </div>
 </div>
diff --git a/app/views/subscription/index.phtml b/app/views/subscription/index.phtml
index 2cfe3f33c..07cebf817 100644
--- a/app/views/subscription/index.phtml
+++ b/app/views/subscription/index.phtml
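Review bot: The new `class="statGraph"` on the three chart containers only keeps the former 300px height if a stylesheet defines `.statGraph`, and no CSS appears in this diff (the diffstat is limited to `app/`), so the charts would collapse to zero height if that rule was not added alongside; the same applies to the three containers in stats/repartition.phtml. Worth confirming the rule exists in the theme stylesheets before merging, since the chart library presumably sizes itself from the container. Dropping the `<!-- -->` glue between the two `.stat.half` blocks also reintroduces whitespace between them, which may matter if the layout relies on inline-block sizing; that too is only verifiable against the stylesheet.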
@@ -28,7 +28,7 @@
 </select>
 </li>
- <li class="input" style="display:none">
+ <li class="input" aria-hidden="true">
 <input type="text" name="new_category[name]" id="new_category_name" autocomplete="off" placeholder="<?php echo _t('sub.category.new'); ?>" />
 </li>
@@ -62,7 +62,7 @@
 </ul>
 </div>
- <form id="controller-category" method="post" style="display: none;"></form>
+ <form id="controller-category" method="post" aria-hidden="true"></form>
 <?php foreach ($this->categories as $cat) {
