Page MenuHomePhabricator
Differential D19158

Block use of "<base />" in the Content Security Policy
ClosedPublic
Actions

Authored by epriestley on Mar 1 2018, 2:54 AM.
Tags
None
Referenced Files
F18779996: D19158.id45893.diff
Sat, Oct 11, 6:21 PM
F18736116: D19158.diff
Oct 1 2025, 4:54 AM
F18658807: D19158.diff
Sep 23 2025, 8:31 AM
F18604971: D19158.id45894.diff
Sep 13 2025, 7:25 PM
F18574380: D19158.diff
Sep 10 2025, 10:34 AM
F18509376: D19158.id.diff
Sep 5 2025, 3:22 AM
F18502279: D19158.diff
Sep 4 2025, 10:19 PM
F18383679: D19158.id45893.diff
Aug 28 2025, 11:17 PM
View All Files
Subscribers
None

Details

Reviewers
None
Maniphest Tasks
T4340: Implement Content-Security-Policy and Strict-Transport-Security headers
Commits
rPd5befb1a0ea3: Block use of "<base />" in the Content Security Policy
Summary

Ref T4340. We don't use "<base />" so we can safely block it.

Test Plan

Injected "<base />" into a page, saw an error in the console showing that the browser had blocked it.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Mar 1 2018, 2:54 AM
Harbormaster completed remote builds in B19704: Diff 45893.Mar 1 2018, 2:55 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 1 2018, 2:55 AM
epriestley requested review of this revision.
Closed by commit rPd5befb1a0ea3: Block use of "<base />" in the Content Security Policy (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
aphront/
response/
3 lines

Diff 45894

View Options

src/aphront/response/AphrontResponse.php

Loading...
Phabricator · Built by Phacility