You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@myfaces.apache.org by lo...@apache.org on 2013/08/12 09:15:45 UTC

svn commit: r1513059 - /myfaces/tobago/trunk/src/site/apt/migration-2.0.apt

Author: lofwyr
Date: Mon Aug 12 07:15:45 2013
New Revision: 1513059

URL: http://svn.apache.org/r1513059
Log:
add CSP hint

Modified:
    myfaces/tobago/trunk/src/site/apt/migration-2.0.apt

Modified: myfaces/tobago/trunk/src/site/apt/migration-2.0.apt
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/src/site/apt/migration-2.0.apt?rev=1513059&r1=1513058&r2=1513059&view=diff
==============================================================================
--- myfaces/tobago/trunk/src/site/apt/migration-2.0.apt (original)
+++ myfaces/tobago/trunk/src/site/apt/migration-2.0.apt Mon Aug 12 07:15:45 2013
@@ -34,8 +34,6 @@ Artifacts (JAR-Files)
 
 CSP
 
-  TODO
-
   Tobago supports Content Security Policy (SCP) to prevent cross-site
   scripting (XSS) and related attacks.
   Specification link http://www.w3.org/TR/CSP/
@@ -43,6 +41,8 @@ CSP
   All allowed sources for JavaScript, CSS and other resources have to be declared in special header.
   If you have own renderers or own JavaScript in your application, this code also needs to support SCP, to use this feature.
 
+  TODO: How to configure
+
 Java-API
 
    The class org.apache.myfaces.tobago.model.TreeState which has been deprecated in 1.5.x is