I'm trying to add CSP (https://en.wikipedia.org/wiki/Content_Security_Policy) to a Tapestry application.
The problem is that I have to add "unsafe-inline" because Tapestry adds all the initializing stuff in an inline <script> Block at the bottom. That's making XSS attacks easier (or even possible). Is there a way to prevent that in 5.3 and are there any plans on getting rid of this "old-school" stuff in 5.4? -- Chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
