You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cordova.apache.org by st...@apache.org on 2015/03/13 19:08:29 UTC

[1/3] cordova-app-hello-world git commit: Updated RELEASENOTES

Repository: cordova-app-hello-world
Updated Branches:
  refs/heads/3.8.x 79448fd99 -> 5e572b6bd
  refs/heads/master 5a7b7ae59 -> ff79d3a08


Updated RELEASENOTES


Project: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/commit/ff79d3a0
Tree: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/tree/ff79d3a0
Diff: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/diff/ff79d3a0

Branch: refs/heads/master
Commit: ff79d3a0815c2ad46a0c80ac6f01b13c3362458c
Parents: 5a7b7ae
Author: Steve Gill <st...@gmail.com>
Authored: Fri Mar 13 11:07:52 2015 -0700
Committer: Steve Gill <st...@gmail.com>
Committed: Fri Mar 13 11:07:52 2015 -0700

----------------------------------------------------------------------
 RELEASENOTES.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/blob/ff79d3a0/RELEASENOTES.md
----------------------------------------------------------------------
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index c52b1b4..d3ba755 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -21,7 +21,8 @@
 # Release Notes
 
 ### 3.8.0 (Mar 10, 2015)
-* Remove path from CSP string (since CSP ignores paths). Add CSP rationale within comment 
+* Add unsafe-eval to default CSP since many frameworks run faster with it on
+* Remove path from CSP string (since CSP ignores paths). Add CSP rationale within commen 
 * CB-8295 Fix CSP string, which had an invalid : in it
 * added license header to config.xml
 * added releasenotes.md


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org

[2/3] cordova-app-hello-world git commit: Add unsafe-eval to default CSP since many frameworks run faster with it on

Posted by st...@apache.org.

Add unsafe-eval to default CSP since many frameworks run faster with it on


Project: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/commit/52f897de
Tree: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/tree/52f897de
Diff: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/diff/52f897de

Branch: refs/heads/3.8.x
Commit: 52f897de61c4dcd60132fa03f1f97817b6277c59
Parents: 79448fd
Author: Andrew Grieve <ag...@chromium.org>
Authored: Fri Mar 13 12:51:13 2015 -0400
Committer: Steve Gill <st...@gmail.com>
Committed: Fri Mar 13 11:08:06 2015 -0700

----------------------------------------------------------------------
 www/index.html | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/blob/52f897de/www/index.html
----------------------------------------------------------------------
diff --git a/www/index.html b/www/index.html
index 10dbeb6..646f9cb 100644
--- a/www/index.html
+++ b/www/index.html
@@ -25,11 +25,10 @@
         Some notes:
             * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
             * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
-            * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+            * Disables use of inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
                 * Enable inline JS: add 'unsafe-inline' to default-src
-                * Enable eval(): add 'unsafe-eval' to default-src
         -->
-        <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+        <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
         <meta name="format-detection" content="telephone=no">
         <meta name="msapplication-tap-highlight" content="no">
         <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org

[3/3] cordova-app-hello-world git commit: Updated RELEASENOTES

Posted by st...@apache.org.

Updated RELEASENOTES


Project: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/commit/5e572b6b
Tree: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/tree/5e572b6b
Diff: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/diff/5e572b6b

Branch: refs/heads/3.8.x
Commit: 5e572b6bd2a111f19d0061a862ddb1b40854bf12
Parents: 52f897d
Author: Steve Gill <st...@gmail.com>
Authored: Fri Mar 13 11:07:52 2015 -0700
Committer: Steve Gill <st...@gmail.com>
Committed: Fri Mar 13 11:08:18 2015 -0700

----------------------------------------------------------------------
 RELEASENOTES.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/blob/5e572b6b/RELEASENOTES.md
----------------------------------------------------------------------
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index c52b1b4..d3ba755 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -21,7 +21,8 @@
 # Release Notes
 
 ### 3.8.0 (Mar 10, 2015)
-* Remove path from CSP string (since CSP ignores paths). Add CSP rationale within comment 
+* Add unsafe-eval to default CSP since many frameworks run faster with it on
+* Remove path from CSP string (since CSP ignores paths). Add CSP rationale within commen 
 * CB-8295 Fix CSP string, which had an invalid : in it
 * added license header to config.xml
 * added releasenotes.md


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org