Page MenuHomePhabricator
Differential D19158

Block use of "<base />" in the Content Security Policy
ClosedPublic
Actions

Authored by epriestley on Mar 1 2018, 2:54 AM.

Details

Reviewers
None
Maniphest Tasks
T4340: Implement Content-Security-Policy and Strict-Transport-Security headers
Commits
rPd5befb1a0ea3: Block use of "<base />" in the Content Security Policy
Summary

Ref T4340. We don't use "<base />" so we can safely block it.

Test Plan

Injected "<base />" into a page, saw an error in the console showing that the browser had blocked it.

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Mar 1 2018, 2:54 AM
Harbormaster completed remote builds in B19704: Diff 45893.Mar 1 2018, 2:55 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 1 2018, 2:55 AM
epriestley requested review of this revision.
Closed by commit rPd5befb1a0ea3: Block use of "<base />" in the Content Security Policy (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
aphront/
response/
3 lines

Diff 45894

View Options

src/aphront/response/AphrontResponse.php

Loading...
Phabricator · Built by Phacility