You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Mario Groß (JIRA)" <ji...@apache.org> on 2013/11/07 10:07:17 UTC
[jira] [Created] (WICKET-5406) Better Content Security Policy
Support
Mario Groß created WICKET-5406:
----------------------------------
Summary: Better Content Security Policy Support
Key: WICKET-5406
URL: https://issues.apache.org/jira/browse/WICKET-5406
Project: Wicket
Issue Type: Improvement
Components: wicket
Reporter: Mario Groß
A better support of the Content Security Policy (http://en.wikipedia.org/wiki/Content_Security_Policy) would protect against cross-site scripting attacks and improve the security image of wicket.
The main problem at the moment is the heavily used inline javascript code which interferes with the whitelisting mechanism of script sources in the CSP and should be avoided .
--
This message was sent by Atlassian JIRA
(v6.1#6144)