[
https://issues.apache.org/jira/browse/TOBAGO-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16191012#comment-16191012
]
Hudson commented on TOBAGO-1777:
--------------------------------
SUCCESS: Integrated in Jenkins build Tobago Trunk #1057 (See
[https://builds.apache.org/job/Tobago%20Trunk/1057/])
TOBAGO-1777: Improve CSS Style rendering * Fix textarea: There must no (lofwyr:
rev dab5c661e03934e992cf2ea1d205e4b2ac1a38bd)
* (edit)
tobago-core/src/main/java/org/apache/myfaces/tobago/internal/renderkit/renderer/TextareaRenderer.java
> Improve CSS Style rendering
> ---------------------------
>
> Key: TOBAGO-1777
> URL: https://issues.apache.org/jira/browse/TOBAGO-1777
> Project: MyFaces Tobago
> Issue Type: Improvement
> Reporter: Udo Schnurpfeil
> Assignee: Udo Schnurpfeil
> Fix For: 4.0.0
>
>
> Drop "data-tobago-style" attribute. With CSP Level 2 it's possible, to put
> individual CSS inside the page marked with a nonce. So we'll get rid of the
> JavaScript data-attribute solution.
> That might render faster and might be more secure (an attacker may currently
> include a data-tobago-style attribute). That's not a big problem, because the
> JavaScript only supports a limited subset of CSS.
> Current todos:
> * Collect Styles and render at the end of the body (/)
> * Write a nonce on the styles and set the HTTP CSP Level 2 header (/)
> * AJAX support (/)
> * Test: backgroundImage (x)
> * new util RandomUtils for the nonce (which is the same like in the class
> Secret, see TOBAGO-1787) (/)
> * Simplify some renderers (/)
> * Simplify IconEncoder concept (TOBAGO-1778)
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
