CSP: Allow inline scripts while blocking javascript: in iframe src

We want to prevent attacks coming in from the src attribute "javascript:" but still allow inline script tags.
Currently the only option is to add SHA hashes, but there are too many inline scripts to do this.
Unfortunately we can’t m…

How dangerous is disabling PHPHighRiskMethodsVariables_BODY from the AWS ACLs?

Problem
Users in my application are being blocked (by the AWS WAF) from uploading files with certain names. In the specific case I am trying to solve, the problematic string is .* System (.*).*.
Background
The block is coming from the PHPH…