juneau-dev mailing list archives

From James Bognar <jamesbog...@gmail.com>
Subject Re: Generate script and style elements
Date Mon, 08 Mar 2021 14:21:22 GMT
LGTM.  Do you want me to merge it immediately or wait?

How in general do you see this working?  Will users have to calculate
a hash themselves and add it to the annotation?  Will we have to
return special headers on REST responses for these?

On Mon, Mar 8, 2021 at 8:07 AM Gary Gregory <garydgregory@gmail.com> wrote:
>
> Hi James and all,
>
> Please advise on https://github.com/apache/juneau/pull/57
>
> Gary
>
>
> On Sat, Mar 6, 2021, 10:07 James Bognar <jamesbognar@gmail.com> wrote:
>>
>> Absolutely.  I'm not familiar with those tags but it sounds like a
>> pretty simple addition.
>>
>> I've also noticed a warning when delivering changes to master.  The
>> link returns a 404 for me.  Maybe this is what it's complaining about.
>>
>> remote:
>> remote: GitHub found 1 vulnerability on apache/juneau's default branch
>> (1 low). To find out more, visit:
>> remote:      https://github.com/apache/juneau/security/dependabot/pom.xml/junit:junit/open
>>
>> On Fri, Mar 5, 2021 at 2:30 PM Gary Gregory <garydgregory@gmail.com> wrote:
>> >
>> > Hi All,
>> >
>> > Due to some dynamic analysis tooling we are running on our product, pages generated by Juneau from Rest annotations on a Servlet are flagged as insecure because the HTML contains script and style elements that are not using a nonce or a hash attribute.
>> >
>> > Is there any interest here in support of this?
>> >
>> > If so, I might be able to provide a PR, not 100% sure, since I've only looked at the source enough to see where the script tag is written.
>> >
>> > Thank you,
>> > Gary
