Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5406

Better Content Security Policy Support

    XMLWordPrintableJSON

Details

    Description

      A better support of the Content Security Policy (http://en.wikipedia.org/wiki/Content_Security_Policy) would protect against cross-site scripting attacks and improve the security image of wicket.
      The main problem at the moment is the heavily used inline javascript code which interferes with the whitelisting mechanism of script sources in the CSP and should be avoided .

      Attachments

        Issue Links

          is a parent of

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-6682 Improve JavaScriptContentHeaderItem and JavaScriptUtils to support nonce

          • Major - Major loss of function.
          • Resolved
          is related to

          New Feature - A new feature of the product, which has yet to be developed. WICKET-6832 CSP support in Java 8

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-6821 Completely disable CSP support

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              papegaaij Emond Papegaaij
              Magro28 Mario Groß
              Votes:
              4 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: