Feeling Lucky
?
[#3838] - Prevent Joomla using inline-scripts
- Closed
- 29 Jun 2014
- Medium
- Build: master
- # 3838
I'm using CSP on my server. CSP is a good protection against XSS attacks. Sadly, this feature breaks Joomla, because of using various inline scripts.
I could use unsafe-inline, but this would also allow XSS attacks (in case of a security bug in a application). So fixing this give administrators a huge security enhancement.
See also http://www.w3.org/TR/CSP/#script-src
zero-24
- 
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-06-29 16:22:49 |
| Labels |
Added:
?
|
||
Since inline scripts by itself aren't a security issue and sometimes are needed, I don't see how this would be an issue.
If you see code which can be improved, feel free to create an Issue or Pull Request specific for it.
I'm closing this issue because it's just a general wish, and not a real issue.