Preventing Insecure Content
It is no longer be possible to create or update records if they contain insecure links in their HTML, JavaScript or CSS fields.
Any pre-existing insecure content will continue to work for now. To help customers prepare and migrate any insecure content, the account owners will receive an email with a list of records that are registered in their account and that include one or more links to insecure content.
This list is a JSON file attachment that should make it fairly easy to find the offending content.
The insecure content can be migrated to a secured web server or 4me’s Media Library to ensure that it continues to work once the Content Security Policy (CSP) is enforced. Note that from now on, the CSP will already be enforced for every new 4me account.