Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#8290 closed bug (duplicate)

Datepicker inline "onclick" handler causes CSP violations

Reported by: dmethvin Owned by:
Priority: minor Milestone: 1.9.0
Component: ui.datepicker Version: 1.8.20
Keywords: Cc:
Blocked by: Blocking:


Datepicker injects some HTML into the page using $() that has an inline JavaScript onclick handler. In environments that support Content Security Policy or other script injection measures, this causes a security exception. Datepicker throws an exception when initialized in a Windows 8 Metro environment, for example. This appears to be the only UI widget using inline handlers.

Change History (2)

comment:1 Changed 11 years ago by Scott González

Resolution: duplicate
Status: newclosed

comment:2 Changed 11 years ago by Scott González

Duplicate of #3945.

Note: See TracTickets for help on using tickets.