This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Fabien Potencier fb4c79bca7 bug #27584 Avoid calling eval when there is no script embedded in the toolbar (stof)
This PR was merged into the 4.1 branch.

Discussion
----------

Avoid calling eval when there is no script embedded in the toolbar

| Q             | A
| ------------- | ---
| Branch?       | 4.1
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #27583
| License       | MIT
| Doc PR        | n/a

#27189 changed the way embedded scripts were eval'd for the toolbar. But it also refactored the code in a way triggering `eval` all the time, even when there is no embedded script, which was reported several times as an issue with CSP.

While the debug panel (showing dumps) still requires having `unsafe-eval` in the CSP header (due to embedding scripts that we eval), this PR reverts back to the behavior of Symfony 4.0 and older, where only toolbars actually embedding scripts have this CSP compat issue.

Commits
-------

a0f78a5e0b Avoid calling eval when there is no script embedded in the toolbar
2018-06-13 07:33:56 +02:00
.composer Drop hirak/prestissimo 2016-05-12 07:44:15 -05:00
.github CODEOWNERS: some more rules 2018-05-30 07:26:26 +02:00
src/Symfony Avoid calling eval when there is no script embedded in the toolbar 2018-06-12 14:15:08 +02:00
.editorconfig Add EditorConfig File 2012-06-16 14:08:15 +02:00
.gitignore Add appveyor.yml for C.I. on Windows 2015-08-25 23:41:37 +02:00
.php_cs.dist [DI] Service decoration: autowire the inner service 2018-03-20 19:23:30 +01:00
.travis.yml [Messenger] Add AMQP adapter 2018-04-12 09:15:52 +01:00
appveyor.yml Merge branch '3.4' into 4.0 2018-04-26 18:12:06 +02:00
CHANGELOG-4.0.md updated CHANGELOG for 4.0.11 2018-05-25 15:32:46 +02:00
CHANGELOG-4.1.md updated CHANGELOG for 4.1.0 2018-05-30 14:52:06 +02:00
composer.json Merge branch '4.0' 2018-05-01 16:02:13 -07:00
CONTRIBUTING.md Mention the community review guide 2016-12-18 22:02:35 +01:00
CONTRIBUTORS.md update CONTRIBUTORS for 2.7.47 2018-05-21 13:48:28 +02:00
LICENSE fixed years in copyright 2018-01-03 08:23:28 +01:00
link [DI] Minor performance tweak in PriorityTaggedServiceTrait 2018-05-03 17:03:52 -07:00
phpunit Default testsuite to latest PHPUnit 6.* 2018-05-25 15:04:04 +02:00
phpunit.xml.dist [Cache] Rely on mock for Doctrine ArrayCache 2018-03-19 23:12:11 +01:00
README.md Merge branch '2.8' into 3.4 2018-05-25 16:50:57 +02:00
UPGRADE-4.0.md Merge branch '2.8' into 3.4 2018-05-31 12:13:22 +02:00
UPGRADE-4.1.md Merge branch '4.0' into 4.1 2018-05-31 12:17:53 +02:00
UPGRADE-5.0.md [Workflow] "clear()" instead of "reset()" 2018-04-29 09:31:06 -07:00

Symfony is a PHP framework for web applications and a set of reusable PHP components. Symfony is used by thousands of web applications (including BlaBlaCar.com and Spotify.com) and most of the popular PHP projects (including Drupal and Magento).

Installation

Documentation

Community

Contributing

Symfony is an Open Source, community-driven project with thousands of contributors. Join them contributing code or contributing documentation.

Security Issues

If you discover a security vulnerability within Symfony, please follow our disclosure procedure.

About Us

Symfony development is sponsored by SensioLabs, led by the Symfony Core Team and supported by Symfony contributors.