Bug 379399 - kde.org gets a B in observatory.mozilla.org
Summary: kde.org gets a B in observatory.mozilla.org
Alias: None
Product: www.kde.org
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Platform: Other Linux
: NOR normal (vote)
Target Milestone: ---
Assignee: kde-www mailing-list
Depends on:
Reported: 2017-05-01 10:36 UTC by Albert Astals Cid
Modified: 2021-12-11 17:02 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In:


Note You need to log in before you can comment on or make changes to this bug.
Description Albert Astals Cid 2017-05-01 10:36:27 UTC
I guess it'd be nice to get a better grade.

Comment 1 carl 2020-07-13 18:38:02 UTC
We now get B+, it is progress but still not good. The biggest reason we get a bad grade is because we don't have a  Content Security Policy enabled.

I just added a basic one: default-src https: 'unsafe-inline' but to improve it more we will need to hunt for all the instance of inline js for example onclick="js code" and inline style for example style="width: 800px". There are tons of them in the generated changelogs for example :(
Comment 2 David Marzal 2021-12-07 22:42:32 UTC
Now is a bare B.

The URL to the scan has changed:
Comment 3 Nate Graham 2021-12-11 16:34:21 UTC
I notice that mozilla.org itself only gets a B+!

Comment 4 Albert Astals Cid 2021-12-11 16:37:59 UTC
As reporter of the original bug, i think "B" is an acceptable result (compared to the D+ we got before)  and I'd be fine if we decided to close this as fixed
Comment 5 Nate Graham 2021-12-11 17:02:43 UTC
FWIW google.com gets a c- and wikipedia.org gets a D+! Since the criteria here seem very strict, B is probably fine, yeah.