Opened 4 years ago
Last modified 3 months ago
#320 new enhancement
Additional XSS protection for the usage of SVG files?
| Reported by: | TC Haddad | Owned by: | Jeff McKenna |
|---|---|---|---|
| Priority: | critical | Milestone: | 5.0.1 release |
| Component: | MS4W - Apache | Version: | 4.0.5 |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
Description
This config modification was suggested in a Joomla security notice, and I wondered if you think it worth including in MS4W:
"This rule will protect users of svg files from potential Cross-Site-Scripting (XSS) vulnerabilities."
```apache
<FilesMatch "\.svg$">
    <IfModule mod_headers.c>
        Header always set Content-Security-Policy "script-src 'none'"
    </IfModule>
</FilesMatch>
```
Change History (3)
comment:1 by , 4 years ago
| Component: | MS4W - Base → MS4W - Apache |
|---|---|
| Priority: | enhancement → critical |
comment:3 by , 3 months ago
| Milestone: | 5.0.0 release → 5.0.1 release |
|---|---|
Great idea. I think this is very important, absolutely will add to next MS4W release. Thanks!
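To confirm that the rule from the ticket description is actually taking effect, the response headers for an `.svg` URL can be checked as below. This is an added example, not code from the ticket or from MS4W; the function names and the sample header lists are assumptions constructed for illustration.

```python
def parse_csp(policy):
    """Parse one serialized policy into {directive: [source, ...]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives


def policy_blocks_scripts(policy):
    """True if this policy allows no script, inline or external."""
    d = parse_csp(policy)
    base = d.get("script-src", d.get("default-src"))
    for name in ("script-src-elem", "script-src-attr"):
        sources = d.get(name, base)
        # No script directive at all means scripts are unrestricted.
        if sources is None:
            return False
        # An empty source list and a lone 'none' both match nothing.
        if sources not in ([], ["'none'"]):
            return False
    return True


def svg_scripts_blocked(headers):
    """headers: list of (name, value) pairs from a response for an .svg URL."""
    policies = []
    for name, value in headers:
        # Report-Only policies are not enforced, so only the enforcing header counts.
        if name.lower() == "content-security-policy":
            # One header may carry several comma-separated policies.
            policies.extend(p for p in value.split(",") if p.strip())
    # Every policy is enforced, so one that forbids scripts is sufficient.
    return any(policy_blocks_scripts(p) for p in policies)


# Constructed sample responses (not captured from a real MS4W server).
WITH_RULE = [("Content-Type", "image/svg+xml"),
             ("Content-Security-Policy", "script-src 'none'")]
WITHOUT_RULE = [("Content-Type", "image/svg+xml")]
REPORT_ONLY = [("Content-Security-Policy-Report-Only", "script-src 'none'")]
OVERRIDDEN = [("Content-Security-Policy", "script-src 'none'; script-src-elem *")]

if __name__ == "__main__":
    for label, hdrs in [("with rule", WITH_RULE), ("without rule", WITHOUT_RULE),
                        ("report-only", REPORT_ONLY), ("overridden", OVERRIDDEN)]:
        print(label, svg_scripts_blocked(hdrs))
```

The `REPORT_ONLY` and `OVERRIDDEN` cases are the ones worth checking after a deployment: the header is present in both, yet scripts in the SVG are not blocked.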