- Added support for W3C Content Security Policy (CSP)
  * For details about CSP, see https://www.w3.org/TR/CSP/
  * New calls:
      security::csp::nonce: Generate a CSP nonce token
      security::csp::require /directive/ /value/: Add a requirement of a page to the CSP in order to generate later a tailored policy with the minimal permissions for this page. For example, the following requirement is currently added by default to the oacs-master template to permit style tags and style attributes in the markup.
          security::csp::require style-src 'unsafe-inline'
      security::csp::render: Generate a policy from the requirements
  * Added Kernel Parameter CSPEnabledP to activate/deactivate CSP (default on)
- Bump version numbers
  * acs-tcl to 5.9.1d11
  * acs-bootstrap-installer to 5.9.1d4
  * acs-kernel to 5.9.1d17
- add support for W3C Subresource Integrity (SRI)
  * For details about SRI, see https://www.w3.org/TR/SRI/
  * Added arguments -crossorigin and -integrity to the following functions
      template::add_body_script
      template::add_script
      template::head::add_javascript
      template::head::add_link
      template::head::add_script
  * Updated blank-master.adp
- some more cleanup:
  * remove commented out code
  * add missing argument documentation (template::head::add_javascript)
  * document arguments alphabetically
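
The require/render pattern from the CSP entry above, as an added Python model that is not OpenACS code and not part of this commit. The class name `PagePolicy`, the `default-src 'self'` baseline and the input validation are assumptions made for the example.

```python
import re
import secrets

_DIRECTIVE = re.compile(r"[a-z][a-z0-9-]*")
_FORBIDDEN = re.compile(r"[\s;,]")  # would end the value, the directive or the policy


class PagePolicy:
    """Per-response CSP: starts strict, widened only by explicit requirements."""

    def __init__(self):
        # Assumed baseline (not taken from OpenACS): same-origin resources only.
        self._directives = {"default-src": ["'self'"]}
        self._nonce = None

    def require(self, directive, value):
        # Refuse anything that could smuggle a second directive into the header.
        if not _DIRECTIVE.fullmatch(directive) or not value or _FORBIDDEN.search(value):
            raise ValueError(f"rejected CSP requirement: {directive!r} {value!r}")
        # A specific directive replaces default-src, so seed it with 'self'.
        values = self._directives.setdefault(directive, ["'self'"])
        if value not in values:
            values.append(value)

    def nonce(self):
        # One unpredictable nonce per response, shared by all inline scripts.
        if self._nonce is None:
            self._nonce = secrets.token_urlsafe(16)
            self.require("script-src", f"'nonce-{self._nonce}'")
        return self._nonce

    def render(self):
        # Header value built only from what this page actually asked for.
        return "; ".join(f"{d} {' '.join(v)}" for d, v in self._directives.items())


def demo():
    page = PagePolicy()
    page.require("style-src", "'unsafe-inline'")  # the requirement quoted above
    page.require("style-src", "'unsafe-inline'")  # repeated calls are idempotent
    return page.render()


if __name__ == "__main__":
    print("Content-Security-Policy:", demo())
```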