diff options
author | Jelle van der Waa <jelle@vdwaa.nl> | 2019-12-18 17:33:26 +0100 |
---|---|---|
committer | Jelle van der Waa <jelle@vdwaa.nl> | 2019-12-18 17:33:33 +0100 |
commit | 1abf4357fa5a7b802246a5d93786de1b1c372605 (patch) | |
tree | 953cb17ddee611e889c67fe9b4a0b406653468f8 | |
parent | 6507d02ca978ef10afd8790f3acf0fc3f61253b5 (diff) | |
download | archweb-1abf4357fa5a7b802246a5d93786de1b1c372605.tar.gz archweb-1abf4357fa5a7b802246a5d93786de1b1c372605.zip |
packages: remove onclick handlerrelease_2019-12-18
The onclick handler is a CSP violator since no JavaScript is allowed to
be executed without a nounce. The inline script has been replaced with a
target="_blank".
Closes: #202
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
-rw-r--r-- | templates/packages/package_details.html | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/packages/package_details.html b/templates/packages/package_details.html index 3738ae49..27a4ce31 100644 --- a/templates/packages/package_details.html +++ b/templates/packages/package_details.html @@ -34,8 +34,8 @@ <li><a href="flag/" title="Flag {{ pkg.pkgname }} as out-of-date">Flag Package Out-of-Date</a> <a href="/packages/flaghelp/" title="Get help on package flagging" - onclick="return !window.open('/packages/flaghelp/','FlagHelp', - 'height=350,width=450,location=no,scrollbars=yes,menubars=no,toolbars=no,resizable=no');">(?)</a></li> + target="_blank" + >(?)</a></li> {% endif %} <li><a href="download/" rel="nofollow" title="Download {{ pkg.pkgname }} from mirror">Download From Mirror</a></li> </ul> |