900 new features in WINDEV, WEBDEV and WINDEV Mobile 2026

JAVASCRIPT SECURITY CSP: NO CODE INJECTIONS 665 N e w f e a t u r e W D W B WM • INJECTING JAVASCRIPT INTO A WEB PAGE WEBDEV allows you to develop web applications in WLanguage. When a site is generated, the WLanguage code intended for the UI is automatically converted to JavaScript so that it can be interpreted by the end user's browser. Since JavaScript is executed on the client side, it is technically possible to inject JavaScript code into a web page, even one generated by WEBDEV. All web browsers allow scripts to be modified or added dynamically to an HTML page. This possibility, while sometimes useful for debugging or automation, also presents security risks (notably XSS attacks) and must be used with care. Benefit of this new feature in version 2026: Safety first 666 N e w f e a t u r e W D W B WM • PROTECTION AGAINST JAVASCRIPT INJECTIONS HTML features a security mechanism designed to limit the risk of JavaScript code injection. This mechanism is known as Content Security Policy (CSP). The CSP policy allows you to define, via a "meta" tag in the HTML, the authorized sources for loading and executing scripts, images, etc. It is an effective defense against XSS-type attacks. In version 2026, WEBDEV offers a project-level option for automatically activating CSP throughout the site. Benefit of this new feature in version 2026: Be safe with CSP 667 N e w f e a t u r e W D W B WM • WEBDEV GENERATES THE REQUIRED JAVASCRIPT CODE When CSP is enabled, the code generated by WEBDEV is modified so as to no longer allow external modifications of JavaScript code. These changes include: • appropriate "meta" tag in the pages served to the browser • explicit script declaration • script tags validation using a key (CRC) • Inline scripts no longer allowed. Benefit of this new feature in version 2026: Close the door on malicious injections Wh a t ' s n e w i n W I ND E V 2 0 2 6 WE B D E V 2 0 2 6 W I ND E V Mo b i l e 2 0 2 6 72