epriestley c8b4bfdcd1 Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks ... Summary: Some browsers will still sniff content types even with "Content-Type" and "X-Content-Type-Options: nosniff". Encode "<" and ">" to prevent them from sniffing the content as HTML. See T865. Also unified some of the code on this pathway. Test Plan: Verified Opera no longer sniffs the Conduit response into HTML for the test case in T865. Unit tests pass. Reviewers: cbg, btrahan Reviewed By: cbg CC: aran, epriestley Maniphest Tasks: T139, T865 Differential Revision: https://secure.phabricator.com/D1606		2012-02-14 14:51:51 -08:00
..
__tests__	Add test to check all symbols can be loaded	2011-10-20 16:43:13 -07:00
celerity	Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks	2012-02-14 14:51:51 -08:00
daemon	D1535	2012-02-10 09:47:57 -08:00
diff/engine	Fix Diffusion rendering of SVN files which did not change	2011-07-20 11:54:33 -07:00
env	Lock down accepted next URI values for redirect after login	2012-01-13 11:58:45 -08:00
events	Add a "maniphest.update" Conduit method	2012-01-06 11:52:00 -08:00
javelin	Avoid sending CSRF token in GET and external forms	2012-02-03 10:58:51 -08:00
lint	Add a custom lint name hook to Phabricator	2011-08-31 13:49:30 -07:00
markup/remarkup/markuprule	Allow full anchors in remarkup object names	2012-02-03 15:50:19 -08:00
setup	Detect empty $PATH environmental var	2012-01-16 11:49:19 -08:00
testing/testcase	Merge __init_env__.php into __init_script__.php	2011-10-02 11:48:09 -07:00
util/hash	Move most remaining sha1() calls to HMAC	2011-12-19 08:56:53 -08:00