1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 23:02:42 +01:00
No description
Find a file
Jakub Vrana 29391a658e Disallow <! in <script>
Summary:
HTML5 has this crazy script escaping states:

- Script data escaped dash dash state
- Script data double escaped state

https://communities.coverity.com/blogs/security/2012/11/16/did-i-do-that-html-5-js-escapers-3

Perhaps `<!` is too aggressive but I didn't spend much time searching for a more fine grained expression.

Test Plan: Searched for `renderInlineScript()`.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D7329
2013-10-16 09:28:37 -07:00
bin Add a very simple bin/policy script for CLI policy administration 2013-09-29 09:06:41 -07:00
conf Remove dead Maniphest field config from default.conf.php 2013-09-19 12:57:04 -07:00
externals Remove spurious "+x" from files that shouldn't have it 2013-10-05 05:18:17 -07:00
resources Differential Changeset header icons 2013-10-15 07:34:48 -07:00
scripts Projects Icons Series 1 2013-10-12 19:15:38 -07:00
src Disallow <! in <script> 2013-10-16 09:28:37 -07:00
support Remove spurious "+x" from files that shouldn't have it 2013-10-05 05:18:17 -07:00
webroot Differential Changeset header icons 2013-10-15 07:34:48 -07:00
.arcconfig Use JsShrink if jsxmin is not available 2013-05-18 17:04:22 -07:00
.divinerconfig Centralize rendering of application mail bodies 2012-07-16 19:01:43 -07:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore Add src/extensions/ to .gitignore 2013-08-14 19:14:23 -07:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Increment year. 2013-01-03 05:45:08 -08:00
README Update README 2013-07-03 12:08:37 -07:00

Phabricator is an open source collection of web applications which make it
easier to write, review, and share source code. Phabricator was developed at
Facebook.

It's pretty high-quality and usable, but under active development so things 
may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.