Opened 10 years ago

Last modified 8 years ago

#1712 closed task

Implement a 'Content Security Policy' — at Version 1

Reported by: Nicklas Nordborg Owned by: everyone
Priority: major Milestone: BASE 3.3
Component: web Version:
Keywords: Cc:

Description (last modified by Nicklas Nordborg)

A 'Content Security Policy' can be used to white-list allowed javascript and style sheet usage. Everything else is blocked which makes it a good protection against cross-site scripting (XSS) attacks. Read more here:

http://www.html5rocks.com/en/tutorials/security/content-security-policy/

I guess this will not happen for some time since browser support is only experimental and BASE is basically full of inline javascript and CSS that need to be moved to external files. It's a lot of work and probably require a different approach to how the gui is created.

The following tickets are related to this and need to be fixed first: #1727, #1729, #1730

Change History (1)

comment:1 Changed 10 years ago by Nicklas Nordborg

Description: modified (diff)
Note: See TracTickets for help on using tickets.