Thank you for the review and feedback on the CSP.
Not exactly sure what inline javascript you are referring to. The only JS that the plugin loads is in the Widgets admin area, and this is being appended properly by enqueueing an external .js file.
Feel free to open a support thread here on WordPress or on GitHub and we will be happy to get that inline js issue sussed out!
This reply was modified 5 years, 11 months ago by twinpictures. Reason: added links to support channels
Thread Starter
Name
(@e467gj6x)
Because this “inline js” was the cause of an only average review (***), I will post the js here:
The action when I select a category or year from the dropdown list:
<script type='text/javascript'>
/* <![CDATA[ */
( function() {
	var dropdown = document.getElementById( 'wp-block-categories-1' );
	function onCatChange() {
		if ( dropdown.options[ dropdown.selectedIndex ].value > 0 ) {
			location.href = "https://luolaseura.fi/?cat=" + dropdown.options[ dropdown.selectedIndex ].value;
		}
	}
	dropdown.onchange = onCatChange;
})();
/* ]]> */
</script>
I have now opened a support thread. Let’s see what causes this problem. But it’s clear that without allowing inline javascript the dropdown menus do nothing :/ WordPress is a complicated environment, as I have noticed during the last ten years…
This reply was modified 5 years, 11 months ago by Name.
Look forward to discovering where this is coming from, but I can assure you none of this code is found in our plugin. Are you sure there is not a filter being used by your theme or another plugin? Regardless, we’ll pick this up in the support forum in this thread.
Thread Starter
Name
(@e467gj6x)
Oops, sorry, that piece of code comes from WordPress core.
Not your fault. I will correct my original review.
That inline javascript that prevents proper use of CSP (and opens doors to XSS) comes from wp-includes/blocks/categories.php and from wp-includes/widgets/class-wp-widget-categories.php. See: https://core.trac.wordpress.org/ticket/32067
This reply was modified 5 years, 11 months ago by Name.
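For the inline dropdown script discussed in this thread, a CSP can allow that one block by hash instead of `'unsafe-inline'`. The following is an added example, not code from WordPress core, the plugin, or any poster here; the sample page, the `/assets/app.js` path and all function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// CSP hash-source for one inline script: SHA-256 over the exact text
// between <script> and </script>, base64-encoded and single-quoted.
function cspHash(scriptText) {
  const digest = crypto.createHash('sha256').update(scriptText, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// One hash per inline <script> block in rendered HTML. Regex scanning is
// enough for auditing page output; it is not a full HTML parser.
function inlineScriptHashes(html) {
  const hashes = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const [, attrs, body] = m;
    if (/\bsrc\s*=/i.test(attrs)) continue; // external file, covered by 'self'
    if (body.trim() === '') continue;       // empty block, nothing executes
    hashes.push(cspHash(body));
  }
  return [...new Set(hashes)];
}

// Inline handler attributes (onchange="...") are not covered by a script
// block hash, so count them separately during the audit.
function inlineHandlerCount(html) {
  return (html.match(/<[^>]+\son[a-z]+\s*=/gi) || []).length;
}

function buildScriptSrc(html) {
  return ['script-src', "'self'", ...inlineScriptHashes(html)].join(' ');
}

// Constructed sample: one external script plus a dropdown script shaped
// like the one quoted in the thread (example.test is a placeholder host).
const samplePage = [
  "<script src='/assets/app.js'></script>",
  "<select id='wp-block-categories-1'><option value='3'>News</option></select>",
  "<script type='text/javascript'>",
  "( function() {",
  "  var dropdown = document.getElementById( 'wp-block-categories-1' );",
  "  dropdown.onchange = function() {",
  "    location.href = 'https://example.test/?cat=' + dropdown.value;",
  "  };",
  "})();",
  "</script>",
].join('\n');

console.log(buildScriptSrc(samplePage));
```

The hash only matches while the script text is byte-for-byte identical, so a change in the generated element id or site URL produces a new hash that has to be added to the policy.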