[tor-bugs] #21230 [Metrics/Atlas]: Atlas should work with a restrictive CSP policy

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jan 15 21:13:04 UTC 2017


#21230: Atlas should work with a restrictive CSP policy
-------------------------------+-----------------------------------------
     Reporter:  cypherpunks    |      Owner:  irl
         Type:  enhancement    |     Status:  new
     Priority:  Medium         |  Milestone:
    Component:  Metrics/Atlas  |    Version:
     Severity:  Normal         |   Keywords:  security,css,javascript,csp
Actual Points:                 |  Parent ID:
       Points:                 |   Reviewer:
      Sponsor:                 |
-------------------------------+-----------------------------------------
 Currently, Atlas doesn't play nice with
 [https://content-security-policy.com/ CSP], because it embeds
 [https://gitweb.torproject.org/atlas.git/tree/index.html#n21 css] and
 [https://gitweb.torproject.org/atlas.git/tree/index.html#n72 javascript]
 inside the html code, instead of putting them into dedicated files.

 The usage of CSP would make exploitation of (potential) XSS harder.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21230>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
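
An added example, not part of the ticket or of the Atlas code base: a small Python check that lists the inline CSS and JavaScript in an HTML page that a CSP without 'unsafe-inline' would block, which is the markup the ticket asks to move into dedicated files. The sample page is constructed, and the names `InlineFinder`, `audit` and `JS_TYPES` are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample page (not Atlas's real index.html): mixes inline and external resources.
SAMPLE_HTML = """<!DOCTYPE html>
<html>
<head>
  <link rel="stylesheet" href="css/site.css">
  <style>body { margin: 0; }</style>
  <script src="js/app.js"></script>
</head>
<body onload="init()">
  <p style="color: red">status</p>
  <script>var started = true;</script>
  <script type="text/template"><div>tpl</div></script>
</body>
</html>"""

# Script types a browser executes; other types (e.g. templates) are inert data blocks.
JS_TYPES = {"", "module", "text/javascript", "application/javascript"}

class InlineFinder(HTMLParser):
    """Collects (line, directive, detail) for markup a CSP without 'unsafe-inline' blocks."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        if tag == "script" and "src" not in a and a.get("type", "").strip().lower() in JS_TYPES:
            self.findings.append((line, "script-src", "inline <script>"))
        if tag == "style":
            self.findings.append((line, "style-src", "inline <style>"))
        for name in a:
            if name.startswith("on"):  # heuristic: onclick, onload, ... event handlers
                self.findings.append((line, "script-src", f"{name} handler on <{tag}>"))
            elif name == "style":
                self.findings.append((line, "style-src", f"style attribute on <{tag}>"))

def audit(html):
    """Return findings in document order; an empty list means no inline CSS/JS was seen."""
    finder = InlineFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, directive, detail in audit(SAMPLE_HTML):
        print(f"line {line}: {detail} (blocked by {directive} without 'unsafe-inline')")
```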

