Page MenuHomePhabricator

Block use of "<base />" in the Content Security Policy
ClosedPublic

Authored by epriestley on Mar 1 2018, 2:54 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jun 3, 7:58 AM
Unknown Object (File)
Mon, Jun 2, 3:22 PM
Unknown Object (File)
Jun 1 2025, 5:34 AM
Unknown Object (File)
May 31 2025, 12:12 PM
Unknown Object (File)
May 8 2025, 11:10 PM
Unknown Object (File)
Apr 25 2025, 8:52 AM
Unknown Object (File)
Apr 6 2025, 12:29 AM
Unknown Object (File)
Mar 31 2025, 9:10 PM
Subscribers
None

Details

Summary

Ref T4340. We don't use "<base />" so we can safely block it.

Test Plan

Injected "<base />" into a page, saw an error in the console showing that the browser had blocked it.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Mar 1 2018, 2:55 AM
epriestley requested review of this revision.
This revision was automatically updated to reflect the committed changes.