Stack Overflow
Stack Overflow

Questions tagged [inline-scripting]

40 questions
16
votes
0 answers

What if script tag has both "src" and inline script?

I am wondering what if one script tag has both "src" and inline script. I tried below code.
Morgan Cheng
  • 73,950
  • 66
  • 171
  • 230
8
votes
3 answers

Django stripe js blocking of inline script

I'm trying to implement stripe payment system in Django. For adding card payments, I followed the guide in this link. After adding HTML markup in Django template and CSS and JS code as separate static files, I got the following console error in…
Elgin Cahangirov
  • 1,932
  • 4
  • 24
  • 45
6
votes
1 answer

Why are inline JS blocks unsafe?

I'm reading Chrome extension document "Content Security Policy (CSP)". It says: Inline JavaScript, as well as dangerous string-to-JavaScript methods like eval, will not be executed. This restriction bans both inline blocks and inline event…
weilou
  • 4,419
  • 10
  • 43
  • 56
5
votes
1 answer

Inline-script hash or nonce not accepted by CSP

I am developing a Flask App and it uses Flask-Talisman to incorporate a CSP. I wanted to create an inline script in one of my templates and instead of adding 'unsafe-inline' to the 'script-src' array of the CSP which could be potentially harmful to…
nosh
  • 620
  • 3
  • 14
  • 50
4
votes
1 answer

Mitmproxy tampering with GET and POST request/ response in one script

A POST request sent to a certain URL (http://test.com) looks like this: { "messageType": "OK", "city": { "Name": "Paris", "Views": { "1231": { "id": 4234, "enableView": false …
Richard3
  • 139
  • 1
  • 1
  • 7
3
votes
1 answer

Which directive is better between nonce and hash for CSP header to avoid unsafe-inline?

I have to add CSP header to a site. Issue is that this is a legacy code and there are lots of inline scripts and styles in the HTML. I cannot use 'unsafe-inline' as the aim is to actually make the site secure and this directive gives red flag in…
Hrishikesh Bawane
  • 149
  • 3
  • 13
2
votes
2 answers

Changing text and picture with one button using Javascript

So I've created a very basic practice page, where clicking each button will bring up a picture of the country. Below the picture is some text. My question is, how do you go about making the text below the picture also change with each button? For…
Kotor2
  • 21
  • 2
2
votes
2 answers

Why does my code violate the Content Security Policy?

I want to defer non-critical css using the following mechanism: I have the following Content Security Policy: Content-Security-Policy: default-src…
Stefan Benz
  • 29
  • 2
2
votes
2 answers

Inline scripting in ASP.NET

I want to learn advanced and basic things about ASP.NET inline scripting like Images/Logo.gif"/> or
Tarik
  • 79,711
  • 83
  • 236
  • 349
1
vote
1 answer

Yaml parameter to inline script

Hello I think the problem I am facing might be a beginner doubt, but here it is: I have a stage yaml which is called by my main yaml. Stage yaml has a parameter which I want to use in inline script. Here is the yaml (skeleton) parameters: - name:…
Lucky
  • 81
  • 6
1
vote
0 answers

Content Security Policy (CSP) with unsafe-hashes is not working on mozilla firefox

I used the unsafe-hashes for our Content-Security-Policy to override the errors for our html inline attached events, so in Chrome it works fine and scripts like this are working properly: The…
silvio rossi
  • 11
  • 2
1
vote
1 answer

dojo.xhrGet(): how to execute inline javascript?

simple question: How do I execute inline javascript in a HTML page snippet loaded with dojo.xhrGet()? Being new to dojo I'm a bit confused this doesn't just work like in JQuery ... Can anyone help?? Thanks, thomas
thomas
  • 2,297
  • 2
  • 22
  • 23
1
vote
3 answers

Ajax jQuery Best practices: avoid inline script?? then how do I pass variables

I just read in a best practices article for jquery and ajax that I should avoid defining behavior for elements on the page with inline script. That does make sense since it makes the code very readable. However, I want to ask what should I do then,…
vikmalhotra
  • 9,981
  • 20
  • 97
  • 137
1
vote
4 answers

A different angle on How to write html code inside php?

We write PHP code inside the HTML code via tags. So normally it would not make sense to write HTML code inside PHP code that is already inside HTML code, if you can just exit the PHP for the lines you need. But what if you need the HTML…
s3c
  • 1,481
  • 19
  • 28
1
vote
1 answer

Add inline Javascripts on Wordpress

I want to add inline Javascript on footer of my wordpress site. I know we can add inline Javascript using wp_add_inline_script. From my understanding from Codex tutorial, we have to register and enqueue scripts and then using…
Null
  • 69
  • 1
  • 14
1
2 3