Closed GoogleCodeExporter closed 9 years ago
Unfortunately the javascript code GWT compiles out to by default doesn't
produce very CSP friendly code, so have to allow inline javascript and style,
as well as eval. Oh and Firefox doesn't use the standard W3C syntax yet. So
while its better than nothing, it isn't as restrictive as I would like, but
since the application has been thoroughly tested for XSS vulnerabilities it is
just a secondary layer.
Original comment by joshdrum...@gmail.com
on 20 Mar 2013 at 7:25
Original comment by joshdrum...@gmail.com
on 20 Mar 2013 at 7:28
Original issue reported on code.google.com by
joshdrum...@gmail.com
on 15 Mar 2013 at 2:10