I'm using CSP on my server. CSP is a good protection against XSS attacks. Sadly, this feature breaks Joomla, because it uses various inline scripts.
I could use unsafe-inline, but this would also allow XSS attacks (in case of a security bug in an application). So fixing this gives administrators a huge security enhancement.
See also http://www.w3.org/TR/CSP/#script-src
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-06-29 16:22:49 |
Since inline scripts by themselves aren't a security issue and sometimes are needed, I don't see how this would be an issue.
If you see code which can be improved, feel free to create an Issue or Pull Request specific for it.
I'm closing this issue because it's just a general wish, and not a real issue.