HTML generated has inline unsafe style and script tags #4632
Comments
|
Log and report are generated using jQuery templates. We cannot affect the results other than by changing the tech. We are planning to do that in somewhat near future and Libdoc already uses a new tech (#4304). There doesn't seem to be an issue about log/report rewrite yet, but I can submit one. If you want to help, it would be interesting to know how Libdoc HTML outputs work under CSP. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
The test documentation that is generated from Robot Framework is adding inline style (css) and java script code blocks , so these are not allowed in default CSP settings and thus getting blocked when opened from Jenkins UI. The workaround for this is to enable these settings which are actually not recommended.
style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;
Wondering why inline script and style tags are added in the generated HTML using this testdoc command.
python -m robot.testdoc [options] data_sources output_file
On the other side I checked some other documentation that is generated using Doxygen and it does not contain any inline tags, that is safer to open in Jenkins.
Please let me know if this is a known issue or is there any other workaround that you can suggest.
Thanks for your time.
The text was updated successfully, but these errors were encountered: