You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Magro <ma...@gmx.net> on 2013/11/07 09:38:27 UTC
Any plans to support content security policy?
Hello!
Do you have any plans regarding support of the content security policy
(http://en.wikipedia.org/wiki/Content_Security_Policy) in Wicket in the near
future? The problem at this time is the heavily used inline Java-Script code
which interferes with the whitelisting mechanism of script sources in the
CSP.
Are there any plans to support this better? I think it would be a great help
against cross-site scripting attacks and would improve the security image of
Wicket.
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Any-plans-to-support-content-security-policy-tp4662191.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Any plans to support content security policy?
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
Please file a ticket for improvement.
Thanks!
On Thu, Nov 7, 2013 at 10:38 AM, Magro <ma...@gmx.net> wrote:
> Hello!
> Do you have any plans regarding support of the content security policy
> (http://en.wikipedia.org/wiki/Content_Security_Policy) in Wicket in the
> near
> future? The problem at this time is the heavily used inline Java-Script
> code
> which interferes with the whitelisting mechanism of script sources in the
> CSP.
> Are there any plans to support this better? I think it would be a great
> help
> against cross-site scripting attacks and would improve the security image
> of
> Wicket.
>
>
>
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Any-plans-to-support-content-security-policy-tp4662191.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>