With UUF we have a proper place to put script tags for each fragment/page. So let's stop using <script> tag [1].
Please consider enforcing that using headers [2] for all UUF requests. This will give us much better XXS protection automatically. [1] https://github.com/wso2/carbon-dashboards/blob/v3.0.0-m2/components/org.wso2.carbon.dashboards.designer/src/main/fragments/footer/footer.hbs#L19 [2] https://developers.google.com/web/fundamentals/security/csp/ -- With regards, *Manu*ranga Perera. phone : 071 7 70 20 50 mail : [email protected]
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
