[wp-trac] [WordPress Trac] #32067: Remove inline javascript from WP-Core to allow CSP protection
WordPress Trac
noreply at wordpress.org
Wed Apr 22 20:24:32 UTC 2015
#32067: Remove inline javascript from WP-Core to allow CSP protection
-------------------------+-----------------------------
 Reporter:  tdelmas      |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Security     |    Version:
 Severity:  normal       |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
To avoid catastrophic effects of XSS, it would be safe to allow users to
add a Content Security Policy (CSP) header.
To be effective, a CSP must at least disallow inline JavaScript.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32067>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
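
The ticket's point that a CSP must disallow inline JavaScript, as an added example that is not part of the original message and not WordPress code: a check of whether a given policy value still lets arbitrary inline scripts run. The function names and sample policies are constructed for illustration, and `script-src-elem` / `script-src-attr` are not modelled.

```javascript
// Added illustration: does this Content-Security-Policy value still allow
// arbitrary inline <script> blocks and inline event handlers?

function parsePolicy(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // A repeated directive is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function allowsArbitraryInlineScript(headerValue) {
  const directives = parsePolicy(headerValue);
  // script-src governs scripts; default-src is its fallback.
  const sources = directives.get('script-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // scripts are not restricted at all
  const lower = sources.map((s) => s.toLowerCase());
  const hasUnsafeInline = lower.includes("'unsafe-inline'");
  // A nonce, a hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline',
  // so only explicitly approved inline scripts run.
  const overridden = lower.some(
    (s) => /^'(nonce-|sha(256|384|512)-)/.test(s) || s === "'strict-dynamic'"
  );
  return hasUnsafeInline && !overridden;
}

// Constructed sample policies.
const SAMPLE_POLICIES = [
  "default-src 'self'",
  "script-src 'self' 'unsafe-inline'",
  "img-src *",
  "script-src 'self' 'unsafe-inline' 'nonce-abc123'",
  "default-src 'none'; script-src 'unsafe-inline'",
  "script-src 'self'; script-src 'unsafe-inline'",
];

for (const policy of SAMPLE_POLICIES) {
  const verdict = allowsArbitraryInlineScript(policy) ? 'inline allowed' : 'inline blocked';
  console.log(`${verdict}: ${policy}`);
}
```

A policy that reports "inline blocked" is the kind that breaks pages which still emit inline scripts, which is why the ticket asks for them to be removed from core first.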