HtmlTestRunner icon indicating copy to clipboard operation
HtmlTestRunner copied to clipboard

Published 20 hours ago verified publisher icon oldani

Inline HTML styles conflict with Content Security Policy

Open Melebius opened this issue 1 year ago • 0 comments

  • HtmlTestRunner version: 1.2.1
  • Python version: 3.8.10
  • Operating System: Ubuntu 20.04.6 LTS

Description

We use HtmlTestRunner for tests that are run on a Jenkins server. The HTML reports can be viewed in Jenkins but the stylesheets do not load, resulting in poorly rendered reports.

The Content Security Policy of Jenkins does not allow inline HTML styles. This can be worked around using the unsafe-inline keyword but the documentation recommends: “avoid using the unsafe-inline keyword in your CSP policy”.

I guess this could be solved with a CSP hash of the style if all the styles appearing in reports were defined in one <style> block and then referred to using attributes like class or id.

Melebius avatar Jan 18 '24 13:01 Melebius