On Wed, Oct 18, 2017 at 4:27 PM, Warren Young <war...@etr-usa.com> wrote:

> If you have any Ajax calls back to the remote fossil executable and they
> ship back <style> or <script> blocks, you may need to add ‘unsafe-eval’ as
> well, though I’d recommend fixing those cases rather than allowing them via
> CSP, because the risks of eval() are infinite in scope, because Turing.
>

LOL. Turing and his silly Test - that's why we can't have nice things.

-- 
----- stephan beal
http://wanderinghorse.net/home/stephan/
"Freedom is sloppy. But since tyranny's the only guaranteed byproduct of
those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
