[wp-trac] [WordPress Trac] #10237: Implement the new Mozilla feature to prevent XSS
WordPress Trac
wp-trac at lists.automattic.com
Tue Apr 13 00:04:45 UTC 2010
#10237: Implement the new Mozilla feature to prevent XSS
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: feature request | Status: new
Priority: normal | Milestone: Future Release
Component: Security | Version: 2.8
Severity: normal | Keywords:
-------------------------------+--------------------------------------------
Comment(by bsterne):
I uploaded my work in progress patch adding an administration panel for
CSP. It provides a visual way for users to modify their policy and adds
the "Suggest Policy" feature which analyzes content in the home page and
provides the recommended policy based on those content types and source
locations. I'm definitely not a UI expert, so feel free to suggest
changes to make it suck less.
The next step in the implementation is to move
[https://wiki.mozilla.org/Security/CSP/Spec#No_inline_scripts_will_execute
inline scripts] in all of the WP pages into external script files. I'll
be working on that shortly.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10237#comment:19>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list