id: 5405
summary: Content Security Policy
reporter: Matt Molyneaux
owner:
description: CSP (Content Security Policy) is notably missing from MediaGoblin. This will add an additional layer of security should a user be able to bypass comment sanitisation (or the blogging plugin) and add some hostile JS to their content. At the very least, we should use this to limit JS to the host static assets are on. Will be kinda tricky to implement in such a way that it won't cause issues when deploying - especially for novice users.
type: enhancement
status: new
priority: minor
milestone:
component: programming
resolution:
keywords: small
cc:
parents:
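One way the request in this ticket could be met, as an added example that is not MediaGoblin code: a WSGI middleware that limits script execution to the static-asset origin, with a report-only switch for trialling the policy before it is enforced. The names `build_policy`, `CSPMiddleware`, `response_headers` and `hello_app`, the example URLs, and the extra `object-src 'none'` directive are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit
from wsgiref.util import setup_testing_defaults

# Only a bare host[:port] may reach the header, so a mistyped or hostile
# config value cannot smuggle extra directives into the policy.
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]+(:\d+)?$")


def build_policy(site_url, static_url):
    """Limit script execution to the origin that serves static assets."""
    site, static = urlsplit(site_url), urlsplit(static_url)
    if static.scheme not in ("http", "https") or not _HOST_RE.match(static.netloc):
        raise ValueError("static_url must be a plain http(s) origin")
    same = (site.scheme, site.netloc.lower()) == (static.scheme, static.netloc.lower())
    source = "'self'" if same else f"{static.scheme}://{static.netloc.lower()}"
    # No 'unsafe-inline': a <script> that slips past comment sanitisation is
    # inline or hosted elsewhere, so the browser refuses to run it.
    return f"script-src {source}; object-src 'none'"


class CSPMiddleware:
    """WSGI wrapper that adds the policy to every response."""

    def __init__(self, app, policy, report_only=False):
        self.app, self.policy = app, policy
        # Report-Only records violations in the browser without blocking, so
        # an admin can trial the policy on a live instance before enforcing.
        self.name = "Content-Security-Policy" + ("-Report-Only" if report_only else "")

    def __call__(self, environ, start_response):
        def start(status, headers, exc_info=None):
            # Leave a policy set by the wrapped app untouched.
            if not any(k.lower() == self.name.lower() for k, _ in headers):
                headers = list(headers) + [(self.name, self.policy)]
            return start_response(status, headers, exc_info)
        return self.app(environ, start)


def response_headers(wrapped_app):
    """Run one constructed GET request through the app; return its headers."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    body = wrapped_app(environ, lambda status, headers, exc_info=None: seen.update(headers))
    b"".join(body)
    return seen


def hello_app(environ, start_response):  # constructed stand-in for the real app
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<p>comment</p>"]
```

Inline `<script>` blocks and inline event handlers in the application's own templates are blocked by this policy as well, which is why the report-only mode is worth running first.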