Platform UI 4.4.0

Security

As CSP is considered to be a ‘defence in depth’ technique used against content injection attacks.

New directives available under this policy have been reviewed and implemented where appropriate.

Content Security Policy (CSP) is a standard introduced to help prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from the execution of malicious content in a trusted web page context and is widely supported by modern web browsers.

CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website; covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files and other HTML5 features.

Bug Fixes

• Allow Business Admin to see the benefits reports from within platform analytics.
• Various Notice board ui issues