author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-08-16 10:50:15 -0400 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2021-08-16 22:13:03 +0000 |
commit | 86df4acd140d61ab2f82e8c17e3118865f867c9a (patch) | |
tree | 5542473f5e17c8f1cfdb32d2ecb1f867c65dc07a /lib/PublicInbox/UserContent.pm | |
parent | 943be29048b2aa652b53929243bdda3d5464f980 (diff) | |
download | public-inbox-86df4acd140d61ab2f82e8c17e3118865f867c9a.tar.gz |
All pages carry the following inlined css declaration:

    <style>pre{white-space:pre-wrap}*{font-size:100%;font-family:monospace}</style>

However, site security policies may deliberately prohibit execution of inline content such as scripts and stylesheets as an extra layer of protection against XSS vulnerabilities. For example, with the following HTTP headers returned by the server, the inline styles above will be ignored:

    Content-Security-Policy: default-src 'self'

This causes public-inbox content to be rendered poorly on mobile devices due to the default <pre> behaviour. Duplicating this declaration into the contrib stylesheets makes sure that these styles are applied even with the strictest security policies in place.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Diffstat (limited to 'lib/PublicInbox/UserContent.pm')
0 files changed, 0 insertions, 0 deletions
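
The behaviour the commit message describes, as an added example (not public-inbox code): a small evaluator that decides whether an inline `<style>` block is applied under a given `Content-Security-Policy` header value. The function names are hypothetical, and the nonce and hash handling goes beyond the single `default-src 'self'` case in the message; hash values are assumed to be written in standard base64.

```javascript
const crypto = require('crypto');

// Inline CSS quoted in the commit message (the text inside <style>).
const INLINE_CSS = 'pre{white-space:pre-wrap}*{font-size:100%;font-family:monospace}';

// Parse one serialized policy into a Map: directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Base64 digest of the block's text, as used in 'sha256-...' sources.
function digest(css, algo) {
  return crypto.createHash(algo).update(css, 'utf8').digest('base64');
}

// Does one policy let a <style> element with this text (and nonce) apply?
function policyAllowsInlineStyle(policy, css, nonce) {
  const d = parsePolicy(policy);
  // Fallback chain for <style>: style-src-elem, style-src, default-src.
  const list = d.get('style-src-elem') ?? d.get('style-src') ?? d.get('default-src');
  if (list === undefined) return true; // nothing governs styles
  const nonceOrHash = /^'(nonce|sha256|sha384|sha512)-([^']+)'$/i;
  const unsafeInline = list.some((s) => s.toLowerCase() === "'unsafe-inline'");
  // 'unsafe-inline' is ignored once any nonce or hash source is listed.
  if (unsafeInline && !list.some((s) => nonceOrHash.test(s))) return true;
  return list.some((s) => {
    const m = nonceOrHash.exec(s);
    if (m === null) return false;
    const kind = m[1].toLowerCase();
    return kind === 'nonce' ? m[2] === nonce : m[2] === digest(css, kind);
  });
}

// A header may carry several comma-separated policies; all must allow it.
function headerAllowsInlineStyle(headerValue, css, nonce) {
  return headerValue.split(',').every((p) => policyAllowsInlineStyle(p, css, nonce));
}
```

An external stylesheet served from the same origin is governed by the `'self'` source instead, which is why the same declaration placed in a linked stylesheet still applies under `default-src 'self'`.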