eozmen410 opened a new pull request #434: URL: https://github.com/apache/struts/pull/434
Hello Struts devs! This PR is a follow-up to [WW-5084: Add Content Security Policy support to Struts](https://github.com/apache/struts/pull/430) to make all Struts tags CSP ready. After our initial CSP implementation we realized that other Struts tags like `<s:doubleselect>`, `<s:head>` also include `<script>` or `<link/>` blocks, and we wanted to make sure enabling CSP will not compromise any of the functionality for the existing tags!

Here's a summary of the changes we made:

* Modify the `UIBean` class to add the nonce value as a parameter so tags that need the nonce value can access it
* Add `nonce.ftl` and `<include />` it for tags that need the nonce attribute
* Modify the showcase JSP files to use `<s:script>` and `<s:link/>` instead of `<script>` and `<link/>`
* Add support for FreeMarker tags `<@s.script>` and `<@s.link>`

Co-authored-by: Ecenaz Jen Ozmen - @eozmen410
Co-authored-by: Giannis Chatziveroglou - @gchatz22
Co-authored-by: Santiago Diaz - @salcho
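Added example, not part of the pull request or the Struts code base: a Python check that takes a response's `Content-Security-Policy` header and its rendered HTML and reports every `<script>`, `<style>` or stylesheet `<link>` whose `nonce` attribute is missing or does not match the policy, which is the regression a tag that has not been made CSP ready would produce. The header, nonce value and markup are constructed samples, and the function and class names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Constructed sample response (nonce value and markup are made up for illustration).
SAMPLE_CSP = "script-src 'nonce-r4nd0mB64' 'strict-dynamic'; style-src 'nonce-r4nd0mB64'; object-src 'none'"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/main.css" nonce="r4nd0mB64"/>
<link rel="icon" href="/favicon.ico"/>
<script src="/static/utils.js" nonce="r4nd0mB64"></script>
<script>var legacy = true;</script>
<script nonce="stale">var cached = true;</script>
</head><body><style>p{}</style></body></html>"""

def csp_nonces(header):
    """Map script-src / style-src to the nonces they allow (default-src fallback not modelled)."""
    out = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() in ("script-src", "style-src"):
            out[parts[0].lower()] = set(re.findall(r"'nonce-([A-Za-z0-9+/_=-]+)'", directive))
    return out

class NonceAudit(HTMLParser):
    def __init__(self, nonces):
        super().__init__()
        self.nonces, self.findings = nonces, []  # findings: (line, tag, reason)

    def handle_starttag(self, tag, attrs):  # also called for self-closing tags
        a = dict(attrs)
        if tag == "script":
            directive = "script-src"
        elif tag == "style" or (tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split()):
            directive = "style-src"
        else:
            return  # element is not governed by a nonce
        nonce = a.get("nonce")
        if not nonce:
            self.findings.append((self.getpos()[0], tag, "missing nonce"))
        elif nonce not in self.nonces.get(directive, set()):
            self.findings.append((self.getpos()[0], tag, "nonce not in " + directive))

def audit(header, html):
    """Return the elements a nonce-based policy would block on this page."""
    parser = NonceAudit(csp_nonces(header))
    parser.feed(html)
    parser.close()
    return parser.findings
```

Running `audit(SAMPLE_CSP, SAMPLE_HTML)` flags the inline script without a nonce, the script carrying a stale nonce, and the bare `<style>` block, while the favicon link is ignored.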