Forum OpenACS Development: Re: XSS / Reflection with return_url

Collapse
12: Re: XSS / Reflection with return_url (response to 10)
Posted by Gustaf Neumann on 05/01/20 01:08 PM
CSP handles js URLS. When you try it, you will see:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
Collapse
13: Re: XSS / Reflection with return_url (response to 12)
Posted by Frank Bergmann on 05/01/20 01:14 PM
Thanks a lot!

I believe we'll need to quickly relase ]po[ V5.1 with OpenACS 5.10...

Cheers
Frank