id	summary	keywords	status	owner	type	priority
1797	WUI: view content in an HTML5 sandboxed iframe	wui security usability javascript sandbox same-origin websec	new		defect	major
1859	Proof-of-concept attack: Upload and execute attacker controlled js from any domain.	security javascript same-origin capleak websec	new	davidsarah	defect	major
2136	Use Content-Security-Policy to harden the WUI	csp wui security xss javascript	new	daira	defect	normal