Opened 10 years ago

Last modified 8 years ago

#1712 closed task

Implement a 'Content Security Policy' — at Initial Version

Reported by: Nicklas Nordborg Owned by: everyone
Priority: major Milestone: BASE 3.3
Component: web Version:
Keywords: Cc:

Description

A 'Content Security Policy' can be used to white-list allowed javascript and style sheet usage. Everything else is blocked which makes it a good protection against cross-site scripting (XSS) attacks. Read more here:

http://www.html5rocks.com/en/tutorials/security/content-security-policy/

I guess this will not happen for some time since browser support is only experimental and BASE is basically full of inline javascript and CSS that need to be moved to external files. It's a lot of work and probably require a different approach to how the gui is created.

Change History (0)

Note: See TracTickets for help on using tickets.