ruberto.andrea
posted this
15 May 2021
Hello,
Content Security Policy (CSP) is important to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
However, html code generated by NicePage may contain unsafe inline styles and other elements which become a problem when using content security policy headers, e.g. <meta http-equiv content>. Many security exceptions need to be added (reducing the level of protection), or some html parts need to be rewritten by moving styles into css or making other modifications.
Are you going to address this security issue in the near future?
Cheers,
A.
Hello, Content Security Policy (CSP) is important to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. However, html code generated by NicePage may contain unsafe inline styles and other elements which become a problem when using content security policy headers, e.g. <meta http-equiv content>. Many security exceptions need to be added (reducing the level of protection), or some html parts need to be rewritten by moving styles into css or making other modifications. Are you going to address this security issue in the near future? Cheers, A.
Vote to pay developers attention to this features or issue.
