Summary: | kde.org gets a B in observatory.mozilla.org | ||
---|---|---|---|
Product: | [Websites] www.kde.org | Reporter: | Albert Astals Cid <aacid> |
Component: | general | Assignee: | kde-www mailing-list <kde-www> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jan, mundolibre, nate, schwancarl |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Albert Astals Cid
2017-05-01 10:36:27 UTC
We now get B+, it is progress but still not good. The biggest reason we get a bad grade is because we don't have a Content Security Policy enabled. I just added a basic one: default-src https: 'unsafe-inline' but to improve it more we will need to hunt for all the instance of inline js for example onclick="js code" and inline style for example style="width: 800px". There are tons of them in the generated changelogs for example :( Now is a bare B. The URL to the scan has changed: https://observatory.mozilla.org/analyze/www.kde.org I notice that mozilla.org itself only gets a B+! https://observatory.mozilla.org/analyze/www.mozilla.org As reporter of the original bug, i think "B" is an acceptable result (compared to the D+ we got before) and I'd be fine if we decided to close this as fixed FWIW google.com gets a c- and wikipedia.org gets a D+! Since the criteria here seem very strict, B is probably fine, yeah. |