revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-16 03:42:41 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/conduit/controller
History
epriestley c8b4bfdcd1 Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks 
Summary:
Some browsers will still sniff content types even with "Content-Type" and
"X-Content-Type-Options: nosniff". Encode "<" and ">" to prevent them from
sniffing the content as HTML.

See T865.

Also unified some of the code on this pathway.

Test Plan: Verified Opera no longer sniffs the Conduit response into HTML for
the test case in T865. Unit tests pass.

Reviewers: cbg, btrahan

Reviewed By: cbg

CC: aran, epriestley

Maniphest Tasks: T139, T865

Differential Revision: https://secure.phabricator.com/D1606
2012-02-14 14:51:51 -08:00
..
api Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks 2012-02-14 14:51:51 -08:00
base Conduit -- kill tabs 2012-01-29 13:41:10 -08:00
console Conduit -- kill tabs 2012-01-29 13:41:10 -08:00
log Conduit -- kill tabs 2012-01-29 13:41:10 -08:00
token Conduit -- kill tabs 2012-01-29 13:41:10 -08:00