
Strict Content Security Policy in PrizmDoc examples

As a Software Developer, I think Accusoft PrizmDoc should be strict CSP compliant by default (removing the need for unsafe-inline CSP directives on both script and styling elements), including within the sample code, because security by design is best practice and security in general is taking a higher and higher priority these days. I also strongly feel this should be implemented via proper HTTP Headers rather than tags, as the HTTP Headers provide more robust protection. Performing security penetration testing would echo the issues I have outlined here. I would appreciate it if you could flag all of these comments with the relevant people at Accusoft for consideration longer term.

  • Ben Reid
  • May 1 2018
  • Planned
  • +19
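
An added example, not part of the original post and not Accusoft's code: a small Node.js check for the two points raised above, namely whether a policy still relies on 'unsafe-inline' for scripts or styles, and which directives are ignored when the policy is delivered through a `<meta>` element instead of an HTTP header. The policy strings and function names are constructed for illustration.

```javascript
// Directives the CSP spec ignores when a policy arrives via <meta http-equiv>.
const META_IGNORED = new Set(["frame-ancestors", "report-uri", "sandbox"]);

// Constructed sample policies (not PrizmDoc's): one weak, one nonce-based.
const WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'";
const STRICT_POLICY = "default-src 'self'; script-src 'nonce-R4nd0m' 'strict-dynamic'; style-src 'self' 'nonce-R4nd0m'; frame-ancestors 'none'";

// Parse "directive src1 src2; directive2 ..." into a Map of name -> [sources].
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of findings for a policy delivered by "header" or "meta".
function auditPolicy(policy, delivery) {
  const directives = parsePolicy(policy);
  const findings = [];
  for (const name of ["script-src", "style-src"]) {
    // script-src and style-src fall back to default-src when absent.
    const sources = directives.get(name) || directives.get("default-src");
    if (!sources) {
      findings.push(`${name}: unrestricted (no ${name} or default-src)`);
      continue;
    }
    const lower = sources.map((s) => s.toLowerCase());
    const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    // Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
    if (lower.includes("'unsafe-inline'") && !hasNonceOrHash) {
      findings.push(`${name}: allows 'unsafe-inline'`);
    }
  }
  if (delivery === "meta") {
    for (const name of directives.keys()) {
      if (META_IGNORED.has(name)) findings.push(`${name}: ignored in <meta> delivery`);
    }
  }
  return findings;
}

console.log(auditPolicy(WEAK_POLICY, "meta"));
console.log(auditPolicy(STRICT_POLICY, "header"));
```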