id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
5405	Content Security Policy	Matt Molyneaux		"CSP (Content Security Policy) is notably missing from MediaGoblin.

This will add an additional layer of security should a user be able to bypass comment sanitisation (or the blogging plugin) and add some hostile JS to their content.

At the very least, we should use this to limit JS to the host static assets are on.

Will be kinda tricky to implement in such a way that it won't cause issues when deploying - especially for novice users."	enhancement	new	minor		programming		small		
