Implement a 'Content Security Policy'

[Nicklas Nordborg]

A 'Content Security Policy' can be used to white-list allowed javascript and style sheet usage. Everything else is blocked which makes it a good protection against cross-site scripting (XSS) attacks. Read more here:

​http://www.html5rocks.com/en/tutorials/security/content-security-policy/

I guess this will not happen for some time since browser support is only experimental and BASE is basically full of inline javascript and CSS that need to be moved to external files. It's a lot of work and probably require a different approach to how the gui is created.