Narrow application of 'unsafe-inline' for quickedit

Created on 12 August 2020, almost 4 years ago
Updated 29 January 2023, over 1 year ago

Problem/Motivation

Since quickedit may load CKEditor on a page via AJAX, it needs `script-src-attr 'unsafe-inline'` to be allowed. Currently this is done on any request that attaches the quickedit library, regardless of whether the page actually contains content that would need it.

Proposed resolution

When quickedit is used, only apply `'unsafe-inline'` if the page has editable fields that use text formats / CKEditor.

Remaining tasks

Type

Feature request
Status

Closed: won't fix

Version

1.0

Component

Code

Created by

🇨🇦 Canada gapple

Tags

  • Security improvements


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.
