| Summary: | kde.org gets a B in observatory.mozilla.org | ||
|---|---|---|---|
| Product: | [Websites] www.kde.org | Reporter: | Albert Astals Cid <aacid> |
| Component: | general | Assignee: | kde-www mailing-list <kde-www> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | jan, mundolibre, nate, schwancarl |
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
|
Description
Albert Astals Cid
2017-05-01 10:36:27 UTC
We now get B+, it is progress but still not good. The biggest reason we get a bad grade is because we don't have a Content Security Policy enabled. I just added a basic one: default-src https: 'unsafe-inline' but to improve it more we will need to hunt for all the instance of inline js for example onclick="js code" and inline style for example style="width: 800px". There are tons of them in the generated changelogs for example :( Now is a bare B. The URL to the scan has changed: https://observatory.mozilla.org/analyze/www.kde.org I notice that mozilla.org itself only gets a B+! https://observatory.mozilla.org/analyze/www.mozilla.org As reporter of the original bug, i think "B" is an acceptable result (compared to the D+ we got before) and I'd be fine if we decided to close this as fixed FWIW google.com gets a c- and wikipedia.org gets a D+! Since the criteria here seem very strict, B is probably fine, yeah. |