On 28/07/2020 14:48, Christopher Schultz wrote: > All, > > I was looking at this PR[1] and wondering why we have huge swaths of > CSS and HTML in a Java source file, instead of using e.g. JSP or some > other content-generation framework. > > I know, I hate JSP, too, but having large blocks of HTML and CSS in > Java strings is just ... awful. > > Also, is there a particular reason we are using embedded CSS in the > pages instead of an external CSS file? > > Ultimately, it would be a good idea to move all CSS and even styles > into a separate CSS file so we can tighten-up the Content Security > Policy on the manager app. This can help prevent attacks if there > happens to be some kind of XSS vulnerability hiding in there somewhere. > > Any objections to evicting the CSS to begin with?
+1 No objections here. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
