Tasks related to enhancing the security of Phabricator.
Sun, Apr 8
Sat, Apr 7
A related attack is a bare whatever.patch file which writes to .git/config or .hg/hgconfig or whatever.
Thu, Apr 5
Fri, Mar 23
Actually, it seems like rel="noreferrer" fixes this. This is bizarre so maybe this is a problem with a spooky ghost haunting my computer?
Mar 15 2018
Mar 8 2018
very good memes
Actually, HTML mail has an issue now.
This is technically fixed now but the meme stuff is real old and rough so I'm going to maybe make some kind of effort to get through more of T5258, etc.
Mar 7 2018
Mar 5 2018
Mar 2 2018
This is promoting soon and we seem to have come through it without too much damage. T13095 is a followup for style="..." attributes.
Mar 1 2018
These changes are all deployed here, now. The embed element only got touched lightly but is at least slightly better. See T4340 for further adventures in Content-Security-Policy.