Opened 3 years ago
Last modified 3 years ago
#320 new enhancement
Additional XSS protection for the usage of SVG files?
| Reported by: | TC Haddad | Owned by: | Jeff McKenna |
|---|---|---|---|
| Priority: | critical | Milestone: | 5.0.0 release |
| Component: | MS4W - Apache | Version: | 4.0.5 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: |
Description
This config modification was suggested in a Joomla security notice, and I wondered if you think it worth including in MS4W:
"This rule will protect users of svg files from potential Cross-Site-Scripting (XSS) vulnerabilities."
<FilesMatch "\.svg$">
<IfModule mod_headers.c>
Header always set Content-Security-Policy "script-src 'none'"
</IfModule>
</FilesMatch>
Change History (2)
comment:1 by , 3 years ago
| Component: | MS4W - Base → MS4W - Apache |
|---|---|
| Priority: | enhancement → critical |
Note:
See TracTickets
for help on using tickets.
Great idea. I think this is very important, absolutely will add to next MS4W release. thanks!