erp5_web_js_style: display data uri image

9352f3b1 · Romain Courteaud · cd343f79 · 9352f3b1 · 9352f3b1
Commit 9352f3b1 authored Feb 16, 2023 by Romain Courteaud
2 changed files
--- a/bt5/erp5_web_js_style/SkinTemplateItem/portal_skins/erp5_web_js_style_ui/WebSection_generateContentSecurityPolicy.py
+++ b/bt5/erp5_web_js_style/SkinTemplateItem/portal_skins/erp5_web_js_style_ui/WebSection_generateContentSecurityPolicy.py
-content_security_policy = "default-src 'self'"
+content_security_policy = "default-src 'self'; img-src 'self' data:"

 if no_style_gadget_url:
  content_security_policy += "; frame-src 'self' https://www.youtube-nocookie.com/embed/"

--- a/bt5/erp5_web_js_style_test/PathTemplateItem/portal_tests/js_style_zuite/testJsStyleContentSecurityPolicy.zpt
+++ b/bt5/erp5_web_js_style_test/PathTemplateItem/portal_tests/js_style_zuite/testJsStyleContentSecurityPolicy.zpt
@@ -32,7 +32,7 @@
 </tr>
 <tr>
  <td>assertElementPresent</td>
-  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; script-src 'none'"]</td>
+  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; img-src 'self' data:; script-src 'none'"]</td>
  <td></td>
 </tr>

@@ -54,7 +54,7 @@
 </tr>
 <tr>
  <td>assertElementPresent</td>
-  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; script-src 'none'"]</td>
+  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; img-src 'self' data:; script-src 'none'"]</td>
  <td></td>
 </tr>

@@ -79,7 +79,7 @@
 </tr>
 <tr>
  <td>assertElementPresent</td>
-  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; frame-src 'self' https://www.youtube-nocookie.com/embed/"]</td>
+  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; img-src 'self' data:; frame-src 'self' https://www.youtube-nocookie.com/embed/"]</td>
  <td></td>
 </tr>

@@ -101,7 +101,7 @@
 </tr>
 <tr>
  <td>assertElementPresent</td>
-  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; frame-src 'self' https://www.youtube-nocookie.com/embed/"]</td>
+  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; img-src 'self' data:; frame-src 'self' https://www.youtube-nocookie.com/embed/"]</td>
  <td></td>
 </tr>

@@ -115,7 +115,7 @@
 </tr>
 <tr>
  <td>assertElementPresent</td>
-  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; script-src 'none'"]</td>
+  <td>//head/meta[@http-equiv='Content-Security-Policy' and @content="default-src 'self'; img-src 'self' data:; script-src 'none'"]</td>
  <td></td>
 </tr>