D7329.id16503.diff

Index: src/infrastructure/celerity/CelerityStaticResourceResponse.php
===================================================================
--- src/infrastructure/celerity/CelerityStaticResourceResponse.php
+++ src/infrastructure/celerity/CelerityStaticResourceResponse.php
@@ -193,6 +193,9 @@
throw new Exception(
'Literal </script> is not allowed inside inline script.');
}
+ if (strpos($data, '<!') !== false) {
+ throw new Exception('Literal <! is not allowed inside inline script.');
+ }
return hsprintf(
// We don't use <![CDATA[ ]]> because it is ignored by HTML parsers. We
// would need to send the document with XHTML content type.
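
Review bot: The added `strpos($data, '<!')` check carries no comment saying why `<!` is rejected, while the `<![CDATA[ ]]>` decision right below it is explained. A short comment would help the next reader: `<!--` inside a script element puts the HTML parser into its escaped script-data state, so a later `</script>` may not end the element where the author expects. The match is also wider than `<!--`: valid JavaScript such as `a<!b` now throws, so either say in the exception message how to rewrite it (for example, insert a space after `<`) or document that the broader match is intentional.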

File Metadata

Mime Type
text/plain
Expires
Aug 24 2025, 6:30 PM (5 w, 4 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
8353773
Default Alt Text
D7329.id16503.diff (691 B)