Details
- New Feature
- Status: Closed
- Major
- Resolution: Fixed
Description
This is to prevent cross-site scripting (XSS) and related attacks.
You can find more about this security feature at the W3C: http://www.w3.org/TR/CSP/
The main work is to remove all JavaScript from the HTML code; see also the sub-tasks.
Issue Links
- is blocked by
  - TOBAGO-1192 buttons and links rendering without javascript fragments (Closed)
  - TOBAGO-1258 New attribute "omit" for commands (Closed)
  - TOBAGO-1260 Input-Suggest doesn't support CSP (Closed)
  - TOBAGO-1187 new tag tc:dataAttribute for HTML5 data-* (Closed)
  - TOBAGO-1184 Support for initializing components without javascript fragments (Closed)
- is related to
  - TOBAGO-1310 Support for the CSP header field: Content-Security-Policy-Report-Only (Closed)
- relates to
  - TOBAGO-1188 Mark onclick and other on* attributes as deprecated (Closed)