Andreas Gohr

The index.php is a very simple example application using the library. It doesn't have any user authentication and is meant for personal use only. Anyone running this unprotected on the...

Hmm I thought about readding the function, as a wrapper around the new `prepareLanguageSelectorItem()`, but the output would differ and require changes in the template code anyway, so it's probably...

Which editing interface? What script exactly is blocked? I don't think there's any inline script involved in DokuWiki's editor, but I might be wrong. But I need more details to...

Ahh of course. We do set a couple of variables in the page header. These are session and user dependent and thus can not be put into the (cachable) external...

Naa, it's enough information to work on this. Thanks.

> Gonna bump this I hope you are aware how rude this is? If this is so important to you, where's your PR?

quick note to self: we can not add to an already set CSP header: https://chrisguitarguy.com/2019/07/05/working-with-multiple-content-security-policy-headers/

@fjf2002 well, I am not here to make pentesters happy. Inline scripts aren't unsafe by being inline scripts. The issue is that it is easier to sneak in an inline...

PR would be welcome. Remember to parse the json back into a variable.

>> would delay the execution > > Well, marginally, don't you think? Significantly. All external javascript is loaded with the defer attribute and only executes after the DOM has been...