• Resolved 4a4b

    (@4a4b)


    Hi,

    With a strict content security policy the inline CSS of the honeypot is ignored by the browser and the textarea becomes visible. This is the case for example with this HTTP header:

    Content-Security-Policy: default-src 'self';

    As a workaround I have moved the inline CSS to an external css file:

    /* Antispam-Bee */
    textarea#comment {
      padding: 0 !important;
      clip: rect(1px, 1px, 1px, 1px) !important;
      position: absolute !important;
      white-space: nowrap !important;
      height: 1px !important;
      width: 1px !important;
      overflow: hidden !important;
    }

    Maybe the Antispam Plugin could itself include such a CSS file (additionally to the inline CSS) so the honeypit textarea remains hidden with a strict CSP header?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.