Uploaded image for project: 'MyFaces Tobago'
  1. MyFaces Tobago
  2. TOBAGO-1171

Support for the Content Security Policy (CSP)

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.0.0-alpha-3, 2.0.0
    • Themes
    • None

    Description

      This is to prevent cross-site scripting (XSS) and related attacks.

      More about this security feature you can found at W3 http://www.w3.org/TR/CSP/

      Main work is to remove all JavaScript from the HTML code, see also the sub-tasks.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. TOBAGO-1192 buttons and links rendering without javascript fragments

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. TOBAGO-1258 New attribute "omit" for commands

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. TOBAGO-1260 Input-Suggest doesn't support CSP

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. TOBAGO-1187 new tag tc:dataAttribute for HTML5 data-*

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. TOBAGO-1184 Support for initializing components without javascript fragments

          • Major - Major loss of function.
          • Closed
          is related to

          New Feature - A new feature of the product, which has yet to be developed. TOBAGO-1310 Support for the CSP header field: Content-Security-Policy-Report-Only

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Task - A task that needs to be done. TOBAGO-1188 Mark onclick and other on* attributes as deprecated

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Activity

            People

              lofwyr Udo Schnurpfeil
              lofwyr Udo Schnurpfeil
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: