Comments (7)
To be honest, I have absolutely no idea what you are talking about.
from django-tinymce4-lite.
Haha, ok, I'll elaborate. @romanvm
There is a security header called Content Security Policy (CSP). You can restrict - or allow - the sources from which the browser should load page contents. This can be very helpful in securing your website.
There was even a talk at DjangoCon Europe this year.
You can explicitly disable loading inline scripts because they might have been injected at some point. Django 2.0 or 2.1 cleaned up the admin so they don't have any inline code lying around anymore so you can set the CSP to a quite safe and strict policy.
But when I enable the strict policy that is OK for Django, the TinyMCE editor which comes with this plugin does not work anymore.
The TinyMCE docs say that you should be able to use this strict policy. So I just assumed that the problem is within this package.
If you want to try it out on your own: the package you need is django-csp, and you enable the strict policy in the settings with:

    CSP_DEFAULT_SRC = (
        "'self'",
        "'unsafe-inline'",  # this is the one
    )

Hope this helps!
from django-tinymce4-lite.
Thank you for your explanation. Indeed, this application attaches the TinyMCE widget to textareas via inline <script> tags. If you disable that, it won't work any more.
As for fixing this, I will consider this. And PRs are always welcome.
from django-tinymce4-lite.
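To make the behaviour discussed above concrete, here is an added example (not code from django-tinymce4-lite, django-csp or the thread participants): a standard-library checker that reports which inline `<script>` blocks a given CSP header would refuse to run. The function names, sample markup and static path are constructed for illustration, and only nonce and sha256 sources are handled.

```python
import base64
import hashlib
from html.parser import HTMLParser

def script_sources(csp_header):
    """Effective source list for scripts: script-src, falling back to default-src."""
    directives = {}
    for tokens in (part.split() for part in csp_header.split(";")):
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives.get("script-src", directives.get("default-src", []))

class InlineScripts(HTMLParser):
    """Collect [nonce, body] for every <script> element without a src attribute."""
    def __init__(self):
        super().__init__()
        self.found, self._open = [], False
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and "src" not in attrs:
            self._open = True
            self.found.append([attrs.get("nonce"), ""])
    def handle_data(self, data):
        if self._open:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False

def blocked_inline_scripts(csp_header, html):
    """Bodies of inline scripts that the given policy would refuse to execute."""
    sources = script_sources(csp_header)
    strict = any(s.startswith(("'nonce-", "'sha256-")) for s in sources)
    # CSP Level 2+: 'unsafe-inline' is ignored once a nonce or hash source is listed.
    if "'unsafe-inline'" in sources and not strict:
        return []
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    def allowed(nonce, body):
        digest = base64.b64encode(hashlib.sha256(body.encode()).digest()).decode()
        return (nonce is not None and f"'nonce-{nonce}'" in sources) or f"'sha256-{digest}'" in sources
    return [body for nonce, body in parser.found if not allowed(nonce, body)]

# Constructed sample page: one external script plus an inline initialiser (hypothetical markup).
SAMPLE_HTML = ('<textarea id="id_body"></textarea><script src="/static/tinymce/tinymce.min.js"></script>'
               '<script>tinymce.init({selector: "#id_body"});</script>')
```

Running `blocked_inline_scripts("default-src 'self'", SAMPLE_HTML)` returns the inline initialiser, while the same page passes once the policy lists that script's sha256 hash or a matching nonce.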
@romanvm Cool, thanks! I'd love to help but currently my tasks for django plugins pile up and I don't get anything done. Sorry
from django-tinymce4-lite.
@romanvm Any update on the topic?
from django-tinymce4-lite.
Honestly, my priorities have changed, and I have no time to develop this package beyond minimal maintenance. So any pull requests are welcome.
from django-tinymce4-lite.
Alright, thanks for the update.
from django-tinymce4-lite.