#1188 mod_http_muc_log: Split inline JS and CSS into extra files
Reporter
Link Mauve
Owner
Nobody
Created
Updated
Stars
★ (1)
Tags
Status-Fixed
Priority-Medium
Component-Community
Type-Enhancement
Link Mauve
on
Description of feature:
Make log files load an external style and script files, rather than embedding them in the HTML.
Motivation: (Why?)
With Content-Security-Policy, it’s common nowadays to forbid any unsafe internal scripts and style sheets from executing, reducing the attack vectors by a wide margin.
Zash
on
I recommend you make your own theme for this.
Link Mauve
on
One of my goals here is to eventually make Prosody modules default to useful CSP rules for their usage.
Description of feature: Make log files load an external style and script files, rather than embedding them in the HTML. Motivation: (Why?) With Content-Security-Policy, it’s common nowadays to forbid any unsafe internal scripts and style sheets from executing, reducing the attack vectors by a wide margin.
I recommend you make your own theme for this.
One of my goals here is to eventually make Prosody modules default to useful CSP rules for their usage.
Done in https://hg.prosody.im/prosody-modules/rev/d4b0a995e5e3
Changes