Skip to content
This repository has been archived by the owner on Nov 7, 2019. It is now read-only.

Inline JavaScript/CSS should not be used #11

Open
Alanaktion opened this issue Jul 30, 2016 · 0 comments
Open

Inline JavaScript/CSS should not be used #11

Alanaktion opened this issue Jul 30, 2016 · 0 comments
Labels
bug

Comments

@Alanaktion
Copy link
Member

To properly implement the Content-Security-Policy header, we should remove any inline JavaScript and CSS (including style attributes) as they are far more likely to be injected by a malicious user than an external script file or stylesheet is.
@Alanaktion Alanaktion added the bug label Jul 30, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Alanaktion