Updating BMC GUI Front End Framework
Ed Tanous
ed.tanous at intel.com
Wed Sep 18 08:16:46 AEST 2019
On 9/7/19 2:52 PM, Joseph Reynolds wrote:
> - Community support, especially for security fixes.
In terms of the webui, the "UI" itself is executing in the browser
context, and a majority of the webui "security" is a contract between
bmcweb and the browser, which has next to nothing to do with the
javascript itself.
If you search AngularJs in the CVE database, there's nothing against
angularjs itself, only particular instances of AngularJS applications
with bad containers, not the framework itself.
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=angularjs
We do need to make sure that whatever framework we move to supports the
content-security-policy headers we have in place, but most of that is
just appropriate configuration of the framework, and sticking to some
rules when developing, rather than a framework choice itself.
More information about the openbmc
mailing list