Changes between Initial Version and Version 1 of Ticket #2136
- Timestamp: 2013-12-15T15:15:10Z (11 years ago)
Ticket #2136
- Property Keywords csp wui security xss javascript added
- Property Component changed from unknown to code-frontend-web
Ticket #2136 – Description
| initial | v1 | |
|---|---|---|
| 3 | 3 | AFAIU one would only have to whitelist a few script files for the download-status-timeline. Everything else could easily work with "no scripts allowed". |
| 4 | 4 | |
| 5 | | A more moderate approach could be "only allow same-origin resources", which could be patched into the WUI similarly to what my X-Frame-Options patch does. See ticket 1455. |
| | 5 | A more moderate approach could be "only allow same-origin resources", which could be patched into the WUI similarly to what my X-Frame-Options patch does. See ticket #1455. |