Page MenuHomePhabricator
Differential D19158

Block use of "<base />" in the Content Security Policy
ClosedPublic
Actions

Authored by epriestley on Mar 1 2018, 2:54 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Feb 9, 5:34 AM
Unknown Object (File)
Sun, Feb 9, 5:34 AM
Unknown Object (File)
Sun, Feb 9, 5:34 AM
Unknown Object (File)
Sun, Feb 9, 5:34 AM
Unknown Object (File)
Sat, Feb 8, 7:42 AM
Unknown Object (File)
Fri, Jan 31, 12:07 AM
Unknown Object (File)
Tue, Jan 28, 6:59 PM
Unknown Object (File)
Tue, Jan 28, 3:29 AM
View All Files
Subscribers
None

Details

Reviewers
None
Maniphest Tasks
T4340: Implement Content-Security-Policy and Strict-Transport-Security headers
Commits
rPd5befb1a0ea3: Block use of "<base />" in the Content Security Policy
Summary

Ref T4340. We don't use "<base />" so we can safely block it.

Test Plan

Injected "<base />" into a page, saw an error in the console showing that the browser had blocked it.

Diff Detail

Repository
rP Phabricator
Branch
csp6
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 19704
Build 26686: Run Core Tests
Build 26685: arc lint + arc unit

Event Timeline

epriestley created this revision.Mar 1 2018, 2:54 AM
Harbormaster completed remote builds in B19704: Diff 45893.Mar 1 2018, 2:55 AM
This revision was not accepted when it landed; it landed in state Needs Review.Mar 1 2018, 2:55 AM
epriestley requested review of this revision.
Closed by commit rPd5befb1a0ea3: Block use of "<base />" in the Content Security Policy (authored by epriestley). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
aphront/
response/
3 lines

Diff 45893

View Options

src/aphront/response/AphrontResponse.php

Loading...
Phabricator · Built by Phacility