Tobago Demo

Menu

» Root Dummy » Intro » Input » Output » Select » Command » Container » Popup » Popover » Toast » Tab Group » Sheet » Tree » File Upload » WYSIWYG Editor » Layout » Collapsible » Partial Ajax » Behavior » Form » Validation » Conversion » Format » Theme » Styling » Browser » Locale » AccessKey » DataAttribute » Focus » Meta » Icons » Security » Content Security Policy » Sanitize » Roles » Error Handling » Exception Handler » For Each » Resize » Conversation » WebSocket » Transition » Non Faces Response » Non Faces Request » Configuration » Test
» Root Dummy » Intro » Input » Output » Select » Command » Container » Popup » Popover » Toast » Tab Group » Sheet » Tree » File Upload » WYSIWYG Editor » Layout » Collapsible » Partial Ajax » Behavior » Form » Validation » Conversion » Format » Theme » Styling » Browser » Locale » AccessKey » DataAttribute » Focus » Meta » Icons » Security » Content Security Policy » Sanitize » Roles » Error Handling » Exception Handler » For Each » Resize » Conversation » WebSocket » Transition » Non Faces Response » Non Faces Request » Configuration » Test

Content Security Policy

Tobago supports Content Security Policy (CSP) to prevent cross-site scripting (XSS) and related attacks. Specification link. In short: The HTML page doesn't contain any JavaScript or CSS information. All allowed sources for JavaScript, CSS and other resources have to be declared in special header. If you have own renderers or own JavaScript in your application, this code also needs to support CSP, to use this feature.

Please define CSP in the tobago-config.xml file.

The content of this box may be manipulated by JavaScript

Notice:
When you can read this text, it hasn't been manipulated by JavaScript. That means the CSP is working correctly. Attention!
When you can read this text, the content was manipulated by JavaScript. It seems, your browser doesn't support CSP!
© 2005-2023 Apache Software Foundation, Licensed under the Apache License, Version 2.0.