This repository has been archived by the owner on Sep 8, 2021. It is now read-only.
Add support for CSP #909
Labels
in: web
Issues in web modules (web, webmvc, webflux, websocket).
type: enhancement
There is implementer and support from maintainer, and is no opposition. Waiting for milestone.
Projects
Milestone
It would be amazing to have CSP support in Airsonic, since it's not uncommon to find XSS in airsonic/subsonic/libresonic/… codebases.
Unfortunately, it's non-trivial to make the codebase compliant.
<input type="button" onclick="location.href='XXX'">
(Remove inline javascript on thecancel
buttons #945)eval
The text was updated successfully, but these errors were encountered: