You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Mario Groß (JIRA)" <ji...@apache.org> on 2013/11/07 10:07:17 UTC

[jira] [Created] (WICKET-5406) Better Content Security Policy Support

Mario Groß created WICKET-5406:
----------------------------------

             Summary: Better Content Security Policy Support
                 Key: WICKET-5406
                 URL: https://issues.apache.org/jira/browse/WICKET-5406
             Project: Wicket
          Issue Type: Improvement
          Components: wicket
            Reporter: Mario Groß


A better support of the Content Security Policy (http://en.wikipedia.org/wiki/Content_Security_Policy) would protect against cross-site scripting attacks and improve the security image of wicket. 
The main problem at the moment is the heavily used inline javascript code which interferes with the whitelisting mechanism of script sources in the CSP and should be avoided .



--
This message was sent by Atlassian JIRA
(v6.1#6144)