Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Name

    (@e467gj6x)

    Thank you for your swift reply. I decided to look around.

    I found out that this problem is not caused by your plugin at all, but by WordPress itself. Fixing this security weakness of core wp has been postponed since 2015.

    The inline javascript that prevents proper use of CSP (and opens doors to XSS), comes from blocks/categories.php and widgets/class-wp-widget-categories.php
    https://core.trac.ww.wp.xz.cn/ticket/32067
    https://core.trac.ww.wp.xz.cn/ticket/39941

    I have been very happy with your plugin. It made our little Archives page so much better 🙂

    • This reply was modified 6 years ago by Name.
    Thread Starter Name

    (@e467gj6x)

    Oops, sorry, that piece of code comes from WordPress core 🙁
    Not your fault. I will correct my original review.

    That inline javascript that prevents proper use of CSP (and opens doors to XSS) comes from wp-includes/blocks/categories.php and from wp-includes/widgets/class-wp-widget-categories.php. See: https://core.trac.ww.wp.xz.cn/ticket/32067

    • This reply was modified 6 years ago by Name.
    Thread Starter Name

    (@e467gj6x)

    Because this “inline js” was the cause of an only average review (***), I will post the js here:

    The action when I select a category or year from the dropdown list:

    <script type='text/javascript'>
    /* <![CDATA[ */
    ( function() {
        var dropdown = document.getElementById( 'wp-block-categories-1' );
        function onCatChange() {
            if ( dropdown.options[ dropdown.selectedIndex ].value > 0 ) {
                location.href = "https://luolaseura.fi/?cat=" + dropdown.options[ dropdown.selectedIndex ].value;
            }
        }
        dropdown.onchange = onCatChange;
    })();
    /* ]]> */
    </script>

    I have now opened a support thread. Let’s see what causes this problem. But it’s clear that without allowing inline javascript the dropdown menus do nothing :/ WordPress is a complicated environment, as I have noticed during the last ten years…

    • This reply was modified 6 years ago by Name.
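
The dropdown handler quoted in the post above, moved into an external file so that a policy such as `Content-Security-Policy: script-src 'self'` can stay in force without `'unsafe-inline'`. This is an added example, not part of the original post and not WordPress core code; the file name `category-dropdown.js` and the `data-base-url` attribute on the `<select>` are assumptions.

```javascript
// category-dropdown.js (hypothetical file name), served from the site's own
// origin and loaded with <script src="..."> so "script-src 'self'" covers it.
// Assumed markup: <select data-base-url="https://luolaseura.fi/"> ... </select>

// Build the archive URL for a selected category id. Returns null for the
// placeholder option (value -1) or anything that is not a positive integer,
// so only numeric ids ever reach the query string.
function categoryUrl(baseUrl, rawValue) {
  const value = String(rawValue);
  if (!/^[1-9][0-9]*$/.test(value)) {
    return null;
  }
  const url = new URL(baseUrl);
  url.searchParams.set('cat', value);
  return url.href;
}

// Attach the change handler to one <select>. The navigate callback is
// injected so the logic can be exercised without a browser.
function bindCategoryDropdown(dropdown, navigate) {
  dropdown.addEventListener('change', function () {
    const option = dropdown.options[dropdown.selectedIndex];
    const target = categoryUrl(dropdown.dataset.baseUrl, option.value);
    if (target !== null) {
      navigate(target);
    }
  });
}

// Browser entry point: runs only when a DOM is present.
if (typeof document !== 'undefined') {
  document.querySelectorAll('select[data-base-url]').forEach(function (el) {
    bindCategoryDropdown(el, function (href) {
      window.location.href = href;
    });
  });
}
```

Because the per-page values (element and base URL) come from markup instead of being printed into the script body, the same static file serves every page.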
    Thread Starter Name

    (@e467gj6x)

    I believe this was related to Media Cleaner “Non-Pro” version versus “Media Cleaner Pro can scan your physical /uploads directory”. Anyway… the problem is gone now.
