From: Jonas Thelemann
To: pgadmin-hackers@postgresql.org
Subject: Content Security Policy
Date: Tue, 10 Jan 2017 04:21:18 +0100

Good day pgadmin-hackers,

my name is Jonas Thelemann and I just joined this mailing list. It's my first mailing list, so I try my best to not make any mistakes.
I joined because I want to contribute some small adjustments to pgadmin. More precisely to address CSP (Content Security Policy) issues.
I wanted to migrate from phppgadmin to pgadmin, because it's the more contemporary solution, it's possible to influence the development and because I had problems with my website's CSP restrictions with phppgadmin. The main problem is just that there is inline JavaScript on the html page(s) which is considered as insecure by CSP. This issue is very easy to eliminate though. All occurrences of '<script>foo</script>' - I counted three so far - have to be replaced with '<script src="bar"></script>'.
If no one else is currently "working" [that's not serious work, I know] on this and this can be realized, I'd like to make these small changes to get to know Git a little bit better.

Greetings from Germany,
Jonas Thelemann
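
The audit this message describes, finding the inline scripts that a CSP without 'unsafe-inline' refuses to run, as an added example that is not part of the original e-mail or of pgAdmin's code. It goes beyond the message by also flagging inline event handlers and javascript: URLs, which such a policy blocks as well; the sample markup and all names are constructed.

```python
from html.parser import HTMLParser

# Script types a browser executes; anything else (e.g. application/json) is a data block.
JS_TYPES = {"", "module", "text/javascript", "application/javascript"}

class InlineScriptAuditor(HTMLParser):
    """Collects markup that a CSP without 'unsafe-inline' would block."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []      # (line, kind, detail)
        self._inline_at = None  # start line of a src-less executable <script>
        self._body = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {name: (value or "") for name, value in attrs}
        for name, value in attrs.items():
            if name.startswith("on"):  # onclick, onload, ...
                self.findings.append((line, "event-handler", name))
            elif name in ("href", "src", "action") and \
                    value.strip().lower().startswith("javascript:"):
                self.findings.append((line, "javascript-url", name))
        if tag == "script" and "src" not in attrs:
            if attrs.get("type", "").strip().lower() in JS_TYPES:
                self._inline_at, self._body = line, []

    def handle_data(self, data):
        if self._inline_at is not None:
            self._body.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline_at is not None:
            if "".join(self._body).strip():  # an empty <script></script> runs nothing
                self.findings.append((self._inline_at, "inline-script", "<script>"))
            self._inline_at = None

def audit(html):
    """Return the CSP-relevant findings for one HTML document or template."""
    parser = InlineScriptAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from pgAdmin.
SAMPLE = """<!doctype html>\n<html>\n<head>
<script src="/static/js/app.js"></script>
<script>var debug = true;</script>
<script type="application/json">{"a": 1}</script>
</head>\n<body onload="init()">
<a href="javascript:void(0)">x</a>\n</body>\n</html>
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result for every template is the condition under which a policy such as `script-src 'self'` can be served without breaking the pages.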

From: Dave Page
To: Jonas Thelemann
Cc: pgadmin-hackers
Subject: Re: Content Security Policy
Date: Tue, 10 Jan 2017 09:32:45 +0530

Hi

On Tue, Jan 10, 2017 at 8:51 AM, Jonas Thelemann wrote:
> Good day pgadmin-hackers,
>
> my name is Jonas Thelemann and I just joined this mailing list. It's my
> first mailing list, so I try my best to not make any mistakes.
> I joined because I want to contribute some small adjustments to pgadmin.
> More precisely to address CSP (Content Security Policy) issues.
> I wanted to migrate from phppgadmin to pgadmin, because it's the more
> contemporary solution, it's possible to influence the development and
> because I had problems with my website's CSP restrictions with phppgadmin.
> The main problem is just that there is inline JavaScript on the html page(s)
> which is considered as insecure by CSP. This issue is very easy to eliminate
> though. All occurrences of '<script>foo</script>' - I counted three so far -
> have to be replaced with '<script src="bar"></script>'.
> If no one else is currently "working" [that's not serious work, I know] on
> this and this can be realized, I'd like to make these small changes to get
> to know Git a little bit better.

Please feel free to submit a patch. I don't believe anyone is working on this.

Thanks, Dave.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company