[tor-bugs] #21230 [Metrics/Atlas]: Atlas should work with a restrictive CSP policy
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jan 15 21:13:04 UTC 2017
#21230: Atlas should work with a restrictive CSP policy
-------------------------------+-----------------------------------------
Reporter: cypherpunks | Owner: irl
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Metrics/Atlas | Version:
Severity: Normal | Keywords: security,css,javascript,csp
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------+-----------------------------------------
Currently, Atlas doesn't play nice with
[https://content-security-policy.com/ CSP], because it embeds
[https://gitweb.torproject.org/atlas.git/tree/index.html#n21 css] and
[https://gitweb.torproject.org/atlas.git/tree/index.html#n72 javascript]
inside the html code, instead of putting them into dedicated files.
The usage of CSP would make exploitation of (potential) XSS harder.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21230>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online