[jira] [Commented] (TOBAGO-1171) Support for the Content Security Policy (CSP)

Hudson (JIRA) Tue, 10 Sep 2013 09:32:57 -0700

    [ 
https://issues.apache.org/jira/browse/TOBAGO-1171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13763083#comment-13763083
 ]


Hudson commented on TOBAGO-1171:
--------------------------------

SUCCESS: Integrated in tobago-trunk #1102 (See 
[https://builds.apache.org/job/tobago-trunk/1102/])
TOBAGO-1310: Support for the CSP header field: 
Content-Security-Policy-Report-Only 
- add support for "report-only"
TOBAGO-1171: Support for the Content Security Policy (CSP) 
- change syntax for activating/deactivating
- adapt browser support
- same HTML rendering output (without attention to CSP state) (lofwyr: 
http://svn.apache.org/viewvc/?view=rev&rev=1521478)
* /myfaces/tobago/trunk/src/site/apt/migration-2.0.apt
* /myfaces/tobago/trunk/tobago-core/pom.xml
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/context/ClientProperties.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/context/UserAgent.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/ContentSecurityPolicy.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/ResponseUtils.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoResponseWriter.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/webapp/TobagoServletContextListener.java
* 
/myfaces/tobago/trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-2.0.xsd
* 
/myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/context/UserAgentUnitTest.java
* 
/myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java
* 
/myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParserUnitTest.java
* /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-2.0.xml
* /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-0.xml
* /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-1.xml
* /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-merge-2.xml
* 
/myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-untidy-2.0.xml
* 
/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
* 
/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/80-security
* 
/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/80-security/content-security-policy.xhtml
* 
/myfaces/tobago/trunk/tobago-example/tobago-example-test/src/main/webapp/WEB-INF/tobago-config.xml
* 
/myfaces/tobago/trunk/tobago-example/tobago-example-test/src/test/java/org/apache/myfaces/tobago/example/test/TestTheAutomaticSeleniumTest.java
* 
/myfaces/tobago/trunk/tobago-theme/tobago-theme-scarborough/src/main/java/org/apache/myfaces/tobago/renderkit/html/scarborough/standard/tag/PageRenderer.java
* 
/myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml

                
> Support for the Content Security Policy (CSP)
> ---------------------------------------------
>
>                 Key: TOBAGO-1171
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1171
>             Project: MyFaces Tobago
>          Issue Type: New Feature
>          Components: Themes
>            Reporter: Udo Schnurpfeil
>            Assignee: Udo Schnurpfeil
>
> This is to prevent cross-site scripting (XSS) and related attacks.
> More about this security feature you can found at W3 http://www.w3.org/TR/CSP/
> Main work is to remove all JavaScript from the HTML code, see also the 
> sub-tasks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TOBAGO-1171) Support for the Content Security Policy (CSP)

Reply via email to