The views need CSP rules, probably just blocking JS as I don’t think they include any, but need to check. Should avoid any incompatibility with 5.0 though so will need to define some relevant beans, either here or in commons depending on what makes sense.
If the views are internal and not generally exposed to deployers, we’ll want to consider options that leave it off by default internally to avoid browser issues, but could turn the feature on by overriding a property in new installs. If the views are external files, we can just change them since upgrades don’t get those changes anyway.
The views need CSP rules, probably just blocking JS as I don’t think they include any, but need to check. Should avoid any incompatibility with 5.0 though so will need to define some relevant beans, either here or in commons depending on what makes sense.
If the views are internal and not generally exposed to deployers, we’ll want to consider options that leave it off by default internally to avoid browser issues, but could turn the feature on by overriding a property in new installs. If the views are external files, we can just change them since upgrades don’t get those changes anyway.