Has anyone set up a Content Security Policy to prevent XSS attacks when the website is based on ZK? It appears from my experimenting that default-src needs 'unsafe-eval' in order for a ZK site to work. I believe that this attribute 'unsafe-eval' compromises the integrity of the content security policy, where users could inject JavaScript in an eval clause.
It would be nice to hear from ZK on any recommendations they have regarding this. I appreciate feedback from anyone else too.
Asked: 2017-04-18 15:10:17 +0800
Seen: 19 times
Last updated: Apr 18 '17
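
The following is an added example, not part of the original post and not ZK code. It audits a policy string for the question raised above: which directive actually governs `eval()` (`script-src`, falling back to `default-src`) and whether `'unsafe-eval'` is present there. The function names and the policy strings are constructed for illustration.

```javascript
// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();  // directive names are case-insensitive
    if (directives.has(name)) continue;    // duplicate directive: first one wins
    directives.set(name, tokens.slice(1));
  }
  return directives;
}

// True if a source list carries the 'unsafe-eval' keyword (case-insensitive).
function hasUnsafeEval(sources) {
  return sources.some((s) => s.toLowerCase() === "'unsafe-eval'");
}

// Report which directive governs script evaluation and whether eval is allowed.
function auditEval(headerValue) {
  const directives = parseCsp(headerValue);
  // script-src governs scripts; default-src applies only when script-src is absent.
  const from = directives.has('script-src') ? 'script-src'
             : directives.has('default-src') ? 'default-src'
             : null;
  if (from === null) {
    // Neither directive present: the policy does not restrict scripts at all.
    return { evalAllowed: true, from: null, elsewhere: [] };
  }
  // Other directives that also list the keyword (it has no effect on eval there).
  const elsewhere = [...directives]
    .filter(([name, sources]) => name !== from && hasUnsafeEval(sources))
    .map(([name]) => name);
  return { evalAllowed: hasUnsafeEval(directives.get(from)), from, elsewhere };
}

// Constructed sample policies.
const samples = [
  "default-src 'self' 'unsafe-eval'",
  "default-src 'self'; script-src 'self' 'unsafe-eval'",
  "default-src 'self' 'unsafe-eval'; script-src 'self'",
];
for (const policy of samples) {
  console.log(policy, '=>', JSON.stringify(auditEval(policy)));
}
```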