From 31281a6025b301c63fe6d51ab17edbaf85b97e6f Mon Sep 17 00:00:00 2001 From: nesquena-hermes Date: Thu, 9 Apr 2026 19:08:30 -0700 Subject: [PATCH] =?UTF-8?q?docs:=20v0.42.2=20release=20=E2=80=94=20CSP=20u?= =?UTF-8?q?nsafe-inline=20fix=20(564=20tests)=20(#210)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Nathan Esquenazi --- CHANGELOG.md | 5 +++++ static/index.html | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ba70c5a..79218b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ --- +## [v0.42.2] — 2026-04-10 + +### Bug Fixes +- **CSP blocking inline event handlers** (PR #209): `script-src 'self'` blocked all 55+ inline `onclick=` handlers in `index.html`, making the settings panel, sidebar navigation, and most interactive controls non-functional. Added `'unsafe-inline'` to `script-src`. Also restores `https://cdn.jsdelivr.net` to `script-src` and `style-src` for Mermaid.js and Prism.js (dropped in v0.42.1). + ## [v0.42.1] — 2026-04-11 ### Bug Fixes diff --git a/static/index.html b/static/index.html index b3e01cf..d4fb02e 100644 --- a/static/index.html +++ b/static/index.html @@ -14,7 +14,7 @@