id summary reporter owner description type status priority milestone component version resolution keywords cc blockedby blocking 320 Additional XSS protection for the usage of SVG files? TC Haddad Jeff McKenna "This config modification was suggested in a Joomla security notice, and I wondered if you think it worth including in MS4W: ''""This rule will protect users of svg files from potential Cross-Site-Scripting (XSS) vulnerabilities.""'' {{{ Header always set Content-Security-Policy ""script-src 'none'"" }}} " enhancement new critical 5.0.0 release MS4W - Apache 4.0.5