You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Hudson (JIRA)" <de...@myfaces.apache.org> on 2013/11/09 00:40:17 UTC

[jira] [Commented] (TOBAGO-1171) Support for the Content Security Policy (CSP)

    [ https://issues.apache.org/jira/browse/TOBAGO-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13817852#comment-13817852 ] 

Hudson commented on TOBAGO-1171:
--------------------------------

SUCCESS: Integrated in tobago-trunk #1157 (See [https://builds.apache.org/job/tobago-trunk/1157/])
TOBAGO-1171: Support for the Content Security Policy (CSP) (lofwyr: http://svn.apache.org/viewvc/?view=rev&rev=1540078)
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/webapp/DebugResponseWriterWrapper.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/webapp/HtmlResponseWriter.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java


> Support for the Content Security Policy (CSP)
> ---------------------------------------------
>
>                 Key: TOBAGO-1171
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1171
>             Project: MyFaces Tobago
>          Issue Type: New Feature
>          Components: Themes
>            Reporter: Udo Schnurpfeil
>            Assignee: Udo Schnurpfeil
>             Fix For: 2.0.0-alpha-3
>
>
> This is to prevent cross-site scripting (XSS) and related attacks.
> More about this security feature you can found at W3 http://www.w3.org/TR/CSP/
> Main work is to remove all JavaScript from the HTML code, see also the sub-tasks.



--
This message was sent by Atlassian JIRA
(v6.1#6144)