Posted to commits@myfaces.apache.org by lo...@apache.org on 2013/08/12 09:15:02 UTC
svn commit: r1513058 - /myfaces/tobago/trunk/src/site/apt/migration-2.0.apt
Author: lofwyr
Date: Mon Aug 12 07:15:02 2013
New Revision: 1513058
URL: http://svn.apache.org/r1513058
Log:
add CSP hint
Modified:
myfaces/tobago/trunk/src/site/apt/migration-2.0.apt
Modified: myfaces/tobago/trunk/src/site/apt/migration-2.0.apt
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/src/site/apt/migration-2.0.apt?rev=1513058&r1=1513057&r2=1513058&view=diff
==============================================================================
--- myfaces/tobago/trunk/src/site/apt/migration-2.0.apt (original)
+++ myfaces/tobago/trunk/src/site/apt/migration-2.0.apt Mon Aug 12 07:15:02 2013
@@ -32,6 +32,17 @@ Artifacts (JAR-Files)
* tobago-facelets-\<version\>.jar
+CSP
+
+ TODO
+
+ Tobago supports Content Security Policy (SCP) to prevent cross-site
+ scripting (XSS) and related attacks.
+ Specification link http://www.w3.org/TR/CSP/
+ In short: The HTML page doesn't contain any JavaScript or CSS information.
+ All allowed sources for JavaScript, CSS and other resources have to be declared in special header.
+ If you have own renderers or own JavaScript in your application, this code also needs to support SCP, to use this feature.
+
Java-API
The class org.apache.myfaces.tobago.model.TreeState which has been deprecated in 1.5.x is
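Review bot: The abbreviation is misspelled "SCP" in two of the added lines ("Content Security Policy (SCP)" and "this code also needs to support SCP"), while the new section heading says CSP; both should read CSP so that readers searching the migration guide find the section. The bare "TODO" line directly under the heading will be published as body text on the site, so either say what is still open or drop it before release. "have to be declared in special header" would be more useful if it named the header, Content-Security-Policy, which the linked specification defines. "The HTML page doesn't contain any JavaScript or CSS information" reads broader than it probably intends: if the point is that the rendered page carries no inline script or style and loads both from declared sources, say so explicitly, because that is the constraint authors of own renderers and own JavaScript have to meet.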