Stimulus controller to attach custom signed inline code
Open, NormalPublic3 Points
Actions

Assigned To

None

Authored By

	kuba-orlik
	Tue, Jul 29, 17:29

Description

Create a Stimulus controller that allows attaching custom code like so:

<div data-controller="signed-inline" signed-onclick="/* SIGNATURE=SHA-256:68b329da9893e34099c7d8ad5cb9c940 */ alert('hello')">
</div>

The signature is generated server-side with RSA/SHA-256. The stimulus controller should first validate the code, and if it's properly signed, attach the event handler (onclick in this example case) with the code wrapped in eval.

Checking the signature requires knowledge of the public key used for signing. The key should be expected to be available as base64 in a global variable SIGNED_INLINE_PUBLIC_KEY

Also create a function to be used server-side that takes code to sign and the private key and properly creates a string with the signed code

Related Objects
Search...

		Status	Assigned	Task
		Open	None	T3049 Prohibit unsafe-inline using CSP in sealious-playground
		Open	None	T3050 Stimulus controller to attach custom signed inline code

Event Timeline

kuba-orlik created this task.Tue, Jul 29, 17:29

kuba-orlik moved this task from Freezer (don't take those tasks just yet) to To do on the Kanban board.

kuba-orlik updated the task description. (Show Details)

kuba-orlik changed the point value for this task from 2 to 3.

kuba-orlik added a project: Paid.Wed, Aug 6, 16:39

Stimulus controller to attach custom signed inline codeOpen, NormalPublic3 PointsActions

Description

Related ObjectsSearch...

Event Timeline

Stimulus controller to attach custom signed inline code
Open, NormalPublic3 Points
Actions

Related Objects
Search...