J0WI
29 Jun 2014

I'm using CSP on my server. CSP is a good protection against XSS attacks. Sadly, this feature breaks Joomla, because it uses various inline scripts.
I could use unsafe-inline, but this would also allow XSS attacks (in case of a security bug in an application). So fixing this would give administrators a huge security enhancement.

See also http://www.w3.org/TR/CSP/#script-src

J0WI - open - 29 Jun 2014
zero-24 - close - 29 Jun 2014
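
To make the request above concrete, here is an added example (not part of the original post and not Joomla code) that lists the markup a `script-src` policy without `'unsafe-inline'` refuses to run. It assumes the CSP 1.0 rules from the linked spec (no nonces or hashes); `InlineScriptAudit`, `allows_inline`, `blocked_by` and the sample page are hypothetical names and constructed data.

```python
from html.parser import HTMLParser

class InlineScriptAudit(HTMLParser):
    """Collects markup that script-src without 'unsafe-inline' blocks."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (line, kind, where)
        self._line = None    # start line of the inline <script> being read

    def handle_starttag(self, tag, attrs):
        line, attrs = self.getpos()[0], dict(attrs)
        if tag == "script" and "src" not in attrs:
            self._line = line
        for name, value in attrs.items():
            if name.startswith("on"):   # onclick, onload, ...
                self.findings.append((line, "event-handler", f"{tag}[{name}]"))
            elif (value or "").strip().lower().startswith("javascript:"):
                self.findings.append((line, "javascript-url", f"{tag}[{name}]"))

    def handle_data(self, data):
        if self._line and data.strip():  # non-empty inline script body
            self.findings.append((self._line, "inline-script", "script"))
            self._line = None

    def handle_endtag(self, tag):
        if tag == "script":
            self._line = None

def allows_inline(policy):
    """script-src governs scripts; default-src is the fallback."""
    directives = {}
    for part in policy.lower().split(";"):
        name, *sources = part.split() or [""]
        directives.setdefault(name, sources)
    sources = directives.get("script-src", directives.get("default-src"))
    return sources is None or "'unsafe-inline'" in sources

def blocked_by(policy, html):
    """Return the findings that this policy would stop from executing."""
    audit = InlineScriptAudit()
    if not allows_inline(policy):
        audit.feed(html)
        audit.close()
    return audit.findings

# Constructed sample page for illustration, not real Joomla output.
SAMPLE = """<html><head><script src="/js/site.js"></script>
<script>var ready = true; init();</script>
</head><body><a href="javascript:void(0)" onclick="toggle()">Menu</a></body></html>"""
```
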
Bakual - comment - 29 Jun 2014

Since inline scripts by themselves aren't a security issue and sometimes are needed, I don't see how this would be an issue.
If you see code which can be improved, feel free to create an Issue or Pull Request specific for it.

I'm closing this issue because it's just a general wish, and not a real issue.

Bakual - change - 29 Jun 2014
Status: New → Closed
Closed_Date: 0000-00-00 00:00:00 → 2014-06-29 16:22:49
Bakual - close - 29 Jun 2014
zero-24 - change - 7 Jul 2015
Labels Added: ?
