You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2013/08/12 09:15:45 UTC
svn commit: r1513059 - /myfaces/tobago/trunk/src/site/apt/migration-2.0.apt
Author: lofwyr
Date: Mon Aug 12 07:15:45 2013
New Revision: 1513059
URL: http://svn.apache.org/r1513059
Log:
add CSP hint
Modified:
myfaces/tobago/trunk/src/site/apt/migration-2.0.apt
Modified: myfaces/tobago/trunk/src/site/apt/migration-2.0.apt
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/src/site/apt/migration-2.0.apt?rev=1513059&r1=1513058&r2=1513059&view=diff
==============================================================================
--- myfaces/tobago/trunk/src/site/apt/migration-2.0.apt (original)
+++ myfaces/tobago/trunk/src/site/apt/migration-2.0.apt Mon Aug 12 07:15:45 2013
@@ -34,8 +34,6 @@ Artifacts (JAR-Files)
CSP
- TODO
-
Tobago supports Content Security Policy (SCP) to prevent cross-site
scripting (XSS) and related attacks.
Specification link http://www.w3.org/TR/CSP/
@@ -43,6 +41,8 @@ CSP
All allowed sources for JavaScript, CSS and other resources have to be declared in special header.
If you have own renderers or own JavaScript in your application, this code also needs to support SCP, to use this feature.
+ TODO: How to configure
+
Java-API
The class org.apache.myfaces.tobago.model.TreeState which has been deprecated in 1.5.x is