Polylang without inline scripts | WordPress.org

adfisch
(@adfisch)

5 years, 5 months ago

Dear Polylang-team,

I’m a very happy user of your plug-in. However, there is one thing that could be improved for security reasons: Polylang uses an inline script to set the pll_language cookie accordingly. Recently, I have introduced Content Security Policies (CSP) at my customers’ websites in order to guard them against XSS attacks. However, their effect is limited when inline scripts cannot be disabled. Do you think it would be possible to replace this inline script with a different solution?

More information on CSP and inline scripts can be found here:
https://developers.google.com/web/fundamentals/security/csp

Thanks for your feedback.

The topic ‘Polylang without inline scripts’ is closed to new replies.

0 replies
1 participant
Last reply from: adfisch
Last activity: 5 years, 5 months ago
Status: not a support question