Page MenuHomePhabricator
Differential D19158

Block use of "<base />" in the Content Security Policy
ClosedPublic
Actions

Authored by epriestley on Mar 1 2018, 2:54 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 31, 12:07 AM
Unknown Object (File)
Tue, Jan 28, 6:59 PM
Unknown Object (File)
Tue, Jan 28, 3:29 AM
Unknown Object (File)
Sun, Jan 26, 6:15 AM
Unknown Object (File)
Sat, Jan 25, 12:25 AM
Unknown Object (File)
Sat, Jan 25, 12:25 AM
Unknown Object (File)
Sat, Jan 25, 12:25 AM
Unknown Object (File)
Sat, Jan 25, 12:25 AM
View All Files
Subscribers
None

Details

Reviewers
None
Maniphest Tasks
T4340: Implement Content-Security-Policy and Strict-Transport-Security headers
Commits
rPd5befb1a0ea3: Block use of "<base />" in the Content Security Policy
Summary

Ref T4340. We don't use "<base />" so we can safely block it.

Test Plan

Injected "<base />" into a page, saw an error in the console showing that the browser had blocked it.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Mar 1 2018, 2:54 AM
Harbormaster completed remote builds in B19704: Diff 45893.Mar 1 2018, 2:55 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 1 2018, 2:55 AM
epriestley requested review of this revision.
Closed by commit rPd5befb1a0ea3: Block use of "<base />" in the Content Security Policy (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
aphront/
response/
3 lines

Diff 45894

View Options

src/aphront/response/AphrontResponse.php

Loading...
Phabricator · Built by Phacility