Chris,

On Mon, Aug 10, 2020 at 12:20 PM Martin Grigorov <mgrigo...@apache.org>
wrote:

>
> On Tue, Jul 28, 2020, 16:48 Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> All,
>>
>> I was looking at this PR[1] and wondering why we have huge swaths of
>> CSS and HTML in a Java source file, instead of using e.g. JSP or some
>> other content-generation framework.
>>
>> I know, I hate JSP, too, but having large blocks of HTML and CSS in
>> Java strings is just ... awful.
>>
>> Also, is there a particular reason we are using embedded CSS in the
>> pages instead of an external CSS file?
>>
>> Ultimately, it would be a good idea to move all CSS and even styles
>> into a separate CSS file so we can tighten up the Content Security
>> Policy on the manager app. This can help prevent attacks if there
>> happens to be some kind of XSS vulnerability hiding in there somewhere.
>>
>> Any objections to evicting the CSS to begin with?
>>
>
It's funny, I was thinking the same thing a couple of weeks ago but didn't
want to cause a merge conflict for the PR so waited to see what's going on
with that, though as I commented on it I don't like that it changes the
theme colors, etc.

If you are already working on that then great.  If you haven't started, and
you have better things to do, I'd be happy to clean that up so please LMK.

Best,

Igal



>
> +1
>
>
>> Thanks,
>> -chris
>>
>> [1] https://github.com/apache/tomcat/pull/327