Page MenuHomePhabricator

Block use of "<base />" in the Content Security Policy

Authored by epriestley on Mar 1 2018, 2:54 AM.



Ref T4340. We don't use "<base />" so we can safely block it.

Test Plan

Injected "<base />" into a page, saw an error in the console showing that the browser had blocked it.

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Mar 1 2018, 2:54 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 1 2018, 2:55 AM
epriestley requested review of this revision.
This revision was automatically updated to reflect the committed changes.