You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@myfaces.apache.org by "Hudson (JIRA)" <de...@myfaces.apache.org> on 2013/11/09 00:40:17 UTC
[jira] [Commented] (TOBAGO-1171) Support for the Content Security
Policy (CSP)
[ https://issues.apache.org/jira/browse/TOBAGO-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13817852#comment-13817852 ]
Hudson commented on TOBAGO-1171:
--------------------------------
SUCCESS: Integrated in tobago-trunk #1157 (See [https://builds.apache.org/job/tobago-trunk/1157/])
TOBAGO-1171: Support for the Content Security Policy (CSP) (lofwyr: http://svn.apache.org/viewvc/?view=rev&rev=1540078)
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/webapp/DebugResponseWriterWrapper.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/webapp/HtmlResponseWriter.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java
> Support for the Content Security Policy (CSP)
> ---------------------------------------------
>
> Key: TOBAGO-1171
> URL: https://issues.apache.org/jira/browse/TOBAGO-1171
> Project: MyFaces Tobago
> Issue Type: New Feature
> Components: Themes
> Reporter: Udo Schnurpfeil
> Assignee: Udo Schnurpfeil
> Fix For: 2.0.0-alpha-3
>
>
> This is to prevent cross-site scripting (XSS) and related attacks.
> More about this security feature you can found at W3 http://www.w3.org/TR/CSP/
> Main work is to remove all JavaScript from the HTML code, see also the sub-tasks.
--
This message was sent by Atlassian JIRA
(v6.1#6144)