epriestley c8b4bfdcd1 Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks ... Summary: Some browsers will still sniff content types even with "Content-Type" and "X-Content-Type-Options: nosniff". Encode "<" and ">" to prevent them from sniffing the content as HTML. See T865. Also unified some of the code on this pathway. Test Plan: Verified Opera no longer sniffs the Conduit response into HTML for the test case in T865. Unit tests pass. Reviewers: cbg, btrahan Reviewed By: cbg CC: aran, epriestley Maniphest Tasks: T139, T865 Differential Revision: https://secure.phabricator.com/D1606		2012-02-14 14:51:51 -08:00
..
applicationconfiguration	Automatically redirect 404's that wouldn't be 404s if they had a trailing slash	2011-04-04 10:29:46 -07:00
console	Minor, fix number_format() warning.	2012-01-05 09:09:36 -08:00
controller	Modularize oauth.	2011-02-27 20:38:11 -08:00
default	Add very very basic reporting to Maniphest	2012-02-08 09:47:14 -08:00
exception	Fix conservative CSRF token cycling limit	2011-07-14 08:09:40 -07:00
mapper	Import some code, some of which may be relevant to the project.	2011-01-17 19:31:39 -08:00
request	Improve error message for Conduit path problems	2012-01-16 11:48:21 -08:00
response	Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks	2012-02-14 14:51:51 -08:00
sink	Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks	2012-02-14 14:51:51 -08:00
writeguard	Create AphrontWriteGuard, a backup mechanism for CSRF validation	2011-08-16 13:29:57 -07:00