id summary reporter owner description type status priority milestone component version resolution keywords cc 1712 Implement a 'Content Security Policy' Nicklas Nordborg everyone "A 'Content Security Policy' can be used to white-list allowed javascript and style sheet usage. Everything else is blocked which makes it a good protection against cross-site scripting (XSS) attacks. Read more here: http://www.html5rocks.com/en/tutorials/security/content-security-policy/ I guess this will not happen for some time since browser support is only experimental and BASE is basically full of inline javascript and CSS that need to be moved to external files. It's a lot of work and probably require a different approach to how the gui is created." task new major BASE Future Release web