indygreg added a comment.
In https://phab.mercurial-scm.org/D3437#54736, @yuja wrote:
> Maybe needs `href="#"` to make it look like a link?
Good catch. I submitted a follow-up at https://phab.mercurial-scm.org/D3438.
Feel free to roll into this one on hg-committed if it looks
yuja added a comment.
Maybe needs `href="#"` to make it look like a link?
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D3437
To: indygreg, #hg-reviewers, krbullock
Cc: yuja, krbullock, mercurial-devel
___
This revision was automatically updated to reflect the committed changes.
Closed by commit rHG0c71ac1d8b02: paper: dont register click handlers
with inline javascript (issue5812) (authored by indygreg, committed by ).
REPOSITORY
rHG Mercurial
CHANGES SINCE LAST UPDATE
krbullock accepted this revision.
krbullock added a comment.
This revision is now accepted and ready to land.
Queued, thanks.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D3437
To: indygreg, #hg-reviewers, krbullock
Cc: krbullock, mercurial-devel
indygreg created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
The use of inline href="javascript:" undermines CSP policies that
don't allow inline javascript.
This commit changes the registering of the diffstat and
