mattia / pagure

Forked from pagure 3 years ago

66093b8 Do not serve svg inline

1 file. Authored by Michael Scherer 5 years ago, committed by pingou 5 years ago.
    Do not serve svg inline
    
    SVG can contain javascript, so that's an easy vector for XSS on pagure.
    
    Fix CVE-2018-1002155
    
    Signed-off-by: Michael Scherer <misc@redhat.com>
    
        
file modified
+1 -1