Martin Gubri
Agreed. Using `nonce-` or `sha256-` in `script-src` is a lot better than `'self'` to mitigate the exploitation of XSS, like #183. See [Documentation](https://content-security-policy.com/#source_list).
Thank you so much for your nice and quick replies! I agree that the easiest would be to update the docstring. And I think that the current behaviour is correct...
@nmegiddo #1800 should fix the sampling in the L1 ball. Could you check that my fix is correct? Thanks :) @beat-buesser Yes, I will try to implement a brute force...
Thanks for your prompt reply! I was busy preparing and defending my PhD thesis during the last few months 😄 - I read #123 : it is correct that the...
This PR should include the security fix of this [issue](https://framagit.org/framasoft/framemo/issues/4) when it is ready (this is confidential for now).
@ldidry Can you include the fix to [this XSS](https://framagit.org/framasoft/framemo/issues/4) in this MR? @ocdtrekkie I have created a MR in your repo to fix the Sandstorm version: https://github.com/ocdtrekkie/scrumblr/pull/11
This PR should include [this fix](https://framagit.org/framasoft/framemo/merge_requests/2) to [this issue](https://framagit.org/framasoft/framemo/issues/3) I made, before it is accepted.
Using sentry-python (named `sentry-sdk` in pip) instead of the legacy raven, there is a much simpler solution based on the fact that scrapy logging features are based on the stdlib...