myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <...@myfaces.apache.org>
Subject [jira] [Commented] (TOBAGO-1777) Improve CSS Style rendering
Date Thu, 23 Nov 2017 16:28:00 GMT

    [ https://issues.apache.org/jira/browse/TOBAGO-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16264567#comment-16264567
] 

Hudson commented on TOBAGO-1777:
--------------------------------

SUCCESS: Integrated in Jenkins build Tobago Trunk #1144 (See [https://builds.apache.org/job/Tobago%20Trunk/1144/])
TOBAGO-1777: Improve CSS Style rendering * fix <tc:style> inside of (lofwyr: rev 6a65e2bf2154d5dfcb0226dcc3520ec7f39381e5)
* (edit) tobago-core/src/main/java/org/apache/myfaces/tobago/internal/renderkit/renderer/SheetRenderer.java


> Improve CSS Style rendering
> ---------------------------
>
>                 Key: TOBAGO-1777
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1777
>             Project: MyFaces Tobago
>          Issue Type: Improvement
>            Reporter: Udo Schnurpfeil
>            Assignee: Udo Schnurpfeil
>             Fix For: 4.0.0
>
>
> Drop "data-tobago-style" attribute. With CSP Level 2 it's possible, to put individual
CSS inside the page marked with a nonce. So we'll get rid of the JavaScript data-attribute
solution.
> That might render faster and might be more secure (an attacker may currently include
a data-tobago-style attribute). That's not a big problem, because the JavaScript only supports
a limited subset of CSS.
> Current todos:
> * Collect Styles and render at the end of the body (/)
> * Write a nonce on the styles and set the HTTP CSP Level 2 header (/)
> * AJAX support (/)
> * Test: backgroundImage (x)
> * new util RandomUtils for the nonce (which is the same like in the class Secret, see
TOBAGO-1787) (/)
> * Simplify some renderers (/)
> * Simplify IconEncoder concept (TOBAGO-1778)



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message