As a security administrator I would like the PrizmDoc

As a security administrator I would like the PrizmDoc viewer client to be Content Security Policy compliant so that I can reliably prevent cross-site scripting(XSS) attacks

As a security administrator I would like the PrizmDoc viewer client to be Content Security Policy compliant so that I can reliably prevent cross-site scripting(XSS) attacks

Customer is looking to add security to their application using Content Security Policies but the way PrizmDoc uses the underscore.js makes it non-compliant and the viewer cannot render while the following Content Security policy directive is being enforced:

Deleted User
Jul 29 2016
Shipped

PrizmDoc Viewer

Comments (3)
Votes (6)

Attach files

Enter a subject
Admin

Mark Fears commented

23 Mar, 2017 03:18pm

This feature shipped in version 12.2.

×
Attachments Open full size
Josh Letcher commented

19 Oct, 2016 07:25pm

Here's some info from lodashs github:

https://github.com/lodash/lodash/issues/832

×
Attachments Open full size
Josh Letcher commented

19 Oct, 2016 05:00pm

The major thing making us not CSP compliant appears to be that we use _.template(), if we could avoid that somehow we would be compliant.

×
Attachments Open full size

Product Ideas

As a security administrator I would like the PrizmDoc viewer client to be Content Security Policy compliant so that I can reliably prevent cross-site scripting(XSS) attacks

Related ideas

As a security administrator I would like the PrizmDoc viewer client to be Content Security Policy compliant so that I can reliably prevent cross-site scripting(XSS) attacks

Attachments Open full size

Attachments Open full size

Attachments Open full size

Identify yourself with your email address

Related ideas