Forum Discussion

asdasdasd-c36e9's avatar
asdasdasd-c36e9
Community Member
7 years ago

Storyline 3 CSP (Content Security Policy) problems

I was just wondering if there's any push on getting Storyline CSP compliant? I know I can add a script-src with unsafe-inline, but that kind of diminishes the value of the header in the first place....
storyline 360
AndreaKoehntop-'s avatar
AndreaKoehntop-
Community Member
4 years ago

Hi Kathy, and welcome to the E-Learning Heroes community! ✨

I apologize for the issues you are experiencing in Storyline 3 with CSP.

Are you specifically interested in removing all inline JavaScript, or something else?

This is a current feature request, and I will be sure to update the thread if it should make it onto our feature roadmap

KathyMcGinn's avatar
KathyMcGinn
Community Member
4 years ago

Hi Andrea,

Thank you for your response.

We would be looking for the following vulnerabilities to be resolved.

Common vulnerabilities found in code:
1) Use of Inline javascript functions
2) Use of Inline styles
3) Use of inline click event handlers and javascript: URIs
4) Use of styles in javascript files
5) Use of SVG tags to set dimensions in javascript files

Here is one example.
Inline javascript and styles (highlighted) contained in index.aspx pages

Please let me know if this helps.

Thanks,
Kathy