mirror of https://we.phorge.it/source/phorge.git synced 2024-12-26 23:40:57 +01:00
phorge-phorge/scripts
epriestley c8b4bfdcd1 Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks
Summary:
Some browsers will still sniff content types even with "Content-Type" and
"X-Content-Type-Options: nosniff". Encode "<" and ">" to prevent them from
sniffing the content as HTML.

See T865.

Also unified some of the code on this pathway.

Test Plan: Verified Opera no longer sniffs the Conduit response into HTML for
the test case in T865. Unit tests pass.

Reviewers: cbg, btrahan

Reviewed By: cbg

CC: aran, epriestley

Maniphest Tasks: T139, T865

Differential Revision: https://secure.phabricator.com/D1606
2012-02-14 14:51:51 -08:00
conduit Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks 2012-02-14 14:51:51 -08:00
daemon Merge __init_env__.php into __init_script__.php 2011-10-02 11:48:09 -07:00
drydock Move resource allocation to task queue 2012-01-24 09:44:14 -08:00
install Improve order of operations in upgrade script 2012-01-16 11:52:01 -08:00
mail Fix encodings for mime headers and body if not UTF-8 2011-12-02 08:47:45 -08:00
repository Fix existence test in "reconcile.php" 2012-02-07 10:46:26 -08:00
search Merge __init_env__.php into __init_script__.php 2011-10-02 11:48:09 -07:00
setup Test for pcntl availability from the command line, not Apache 2011-05-30 21:02:08 -07:00
sql Merge __init_env__.php into __init_script__.php 2011-10-02 11:48:09 -07:00
symbols Document how to use the symbol importer 2011-12-22 06:45:59 -08:00
user Unify logic for username validation 2012-01-16 11:52:59 -08:00
util Make "purge_cache.php --differential" also purge the inline comment cache 2012-01-18 15:20:33 -08:00
__init_env__.php Fix __init_script__.php issue with event engine. 2011-09-30 13:17:45 -07:00
__init_script__.php Merge __init_env__.php into __init_script__.php 2011-10-02 11:48:09 -07:00
celerity_mapper.php Update Javelin; improve package definitions 2011-12-20 08:27:54 -08:00