On 10/18/17, Warren Young <war...@etr-usa.com> wrote: > On Oct 18, 2017, at 3:44 AM, Warren Young <war...@etr-usa.com> wrote: >> >> The more web apps that ship with stringent Content-Security-Policy >> headers, the fewer arguments we’ll have for allowing JS on web pages.
I'd never heard of Content-Security-Policy before. A quick scan suggests that I need to modify Fossil to make use of it. Target policy: default-src: 'self' That means, no more in-line javascript, which will be a hassle to work around. I'll have to add a "/fossil.js" resource that contains various scripts and insert the JSON data used to drive those scripts as <script type='text/json'> elements, apparently. -- D. Richard Hipp d...@sqlite.org _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users