juneau-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: Generate script and style elements
Date Mon, 08 Mar 2021 13:07:26 GMT
Hi James and all,

Please advise on https://github.com/apache/juneau/pull/57

Gary


On Sat, Mar 6, 2021, 10:07 James Bognar <jamesbognar@gmail.com> wrote:

> Absolutely.  I'm not familiar with those tags but it sounds like a
> pretty simple addition.
>
> I've also noticed a warning when delivering changes to master.  The
> link returns a 404 for me.  Maybe this is what it's complaining about.
>
> remote:
> remote: GitHub found 1 vulnerability on apache/juneau's default branch
> (1 low). To find out more, visit:
> remote:
> https://github.com/apache/juneau/security/dependabot/pom.xml/junit:junit/open
>
> On Fri, Mar 5, 2021 at 2:30 PM Gary Gregory <garydgregory@gmail.com>
> wrote:
> >
> > Hi All,
> >
> > Due to some dynamic analysis tooling we are running on our product,
> pages generated by Juneau from Rest annotations on a Serlvet are flagged as
> insecure because the HTML contains script and style elements that are not
> using a nonce or a hash attribute.
> >
> > Is there any interest here in support of this?
> >
> > If so, I might be able to provide a PR, not 100% sure, since I've only
> looked at the source enough to see where the script tag is written.
> >
> > Thank you,
> > Gary
>

Mime
View raw message