In Callimachus 1.4 the Allowed origins field in the home folder prevents external scripts from access hosted resources if they are from an unknown origin. In Callimachus 1.5 this should be extended to
1) Prevent hosted scripts from accessing resources located in an unknown origin,
2) Prevent hosted from submitting forms to unknown origins, and
3) Prevent unknown origins from embedding (via iframe) hosted resources
All of these restrictions can be disabled by using a '*' as an allowed origin.
Note that this changes for this issue should not prevent styles and scripts from being inline and using eval.
In Callimachus 1.4 the Allowed origins field in the home folder prevents external scripts from access hosted resources if they are from an unknown origin. In Callimachus 1.5 this should be extended to
1) Prevent hosted scripts from accessing resources located in an unknown origin, 2) Prevent hosted from submitting forms to unknown origins, and 3) Prevent unknown origins from embedding (via iframe) hosted resources
All of these restrictions can be disabled by using a '*' as an allowed origin.
Note that this changes for this issue should not prevent styles and scripts from being inline and using eval.