Additional XSS protection for the usage of SVG files?
|Reported by:||TC Haddad||Owned by:||Jeff McKenna|
|Component:||MS4W - Apache||Version:||4.0.5|
This config modification was suggested in a Joomla security notice, and I wondered if you think it worth including in MS4W:
"This rule will protect users of svg files from potential Cross-Site-Scripting (XSS) vulnerabilities."
<FilesMatch "\.svg$">
    <IfModule mod_headers.c>
        Header always set Content-Security-Policy "script-src 'none'"
    </IfModule>
</FilesMatch>
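
An added example, not part of the ticket or of MS4W: a Python check that takes the response headers returned for an `.svg` request and reports whether an enforced Content-Security-Policy actually disables script execution, as the rule above intends. The function names and the sample header sets are constructed for illustration; the `sandbox` directive is not considered.

```python
# Added example: do these response headers stop scripts in a served SVG?

def parse_policy(value):
    """Parse one serialized policy into {directive: [source, ...]}."""
    directives = {}
    for token in value.split(";"):
        parts = token.strip().split()
        if parts:
            # A directive name repeated inside one policy is ignored by CSP.
            directives.setdefault(parts[0].lower(), [s.lower() for s in parts[1:]])
    return directives

def effective_sources(directives, name):
    """Resolve the fallback chain: name -> script-src -> default-src."""
    for candidate in (name, "script-src", "default-src"):
        if candidate in directives:
            return directives[candidate]
    return None  # nothing in this policy restricts scripts

def policy_blocks_scripts(directives):
    for name in ("script-src-elem", "script-src-attr"):
        sources = effective_sources(directives, name)
        # Only an empty list or a lone 'none' allows no script source.
        if sources is None or sources not in ([], ["'none'"]):
            return False
    return True

def svg_scripts_blocked(headers):
    """headers: list of (name, value). Every enforced policy applies, so one
    blocking policy is enough; the -Report-Only header is never enforced."""
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for policy in value.split(","):  # one header may carry several policies
            if policy_blocks_scripts(parse_policy(policy)):
                return True
    return False

# Constructed sample responses for a request to /images/logo.svg
SAMPLES = {
    "ticket rule": [("Content-Security-Policy", "script-src 'none'")],
    "no header": [("Content-Type", "image/svg+xml")],
    "report only": [("Content-Security-Policy-Report-Only", "script-src 'none'")],
    "default-src fallback": [("Content-Security-Policy", "default-src 'none'; img-src 'self'")],
    "elem override": [("Content-Security-Policy", "script-src 'none'; script-src-elem 'unsafe-inline'")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label:22} scripts blocked: {svg_scripts_blocked(headers)}")
```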