Rudolf Cardinal

icon indicating a website link https://orcid.org/0000-0002-8751-5167 icon indicating an email [email protected]

icon company University of Cambridge (@cambridgeuniversity), CPFT, CUH, @ucam-department-of-psychiatry icon location Cambridge, UK icon location Professor of psychiatry and informatics; honorary consultant liaison psychiatrist.

Results 3 issues of Rudolf Cardinal

Support for Content-Security-Policy headers via nonce attribute of script/style tags, to avoid need for unsafe-inline CSP rule

4 comment

Setting the ``Content-Security-Policy`` (CSP) HTTP header (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy), which is a good thing, means that inline ```` and ```` tags will be blocked by the browser unless either the ``unsafe-inline`` CSP...

Support for Content-Security-Policy headers via nonce attribute of script/style tags

Suggested fix for https://github.com/Pylons/deform/issues/512. (Code style uses Python 3 type hinting, since ``setup.py`` has Python 3.6 as the minimum version.)

Upgrade jQuery past known vulnerabilities

1 comment

Thanks for Deform; lovely work! An question/issue re the jQuery versuib and security: - The current version of Deform (2.0.15) ships with ``static/scripts/jquery-2.0.3.min.js``. - The advice is to load this...