Merge pull request #2688 from weseek/fix/protecting-against-XSS-in-SVG

Fix/protecting against xss in svg
Yuki Takei 5 years ago
parent
commit
489f874cf9
1 changed file with 4 additions and 1 deletion
+ 4 - 1
src/server/routes/attachment.js

@@ -228,7 +228,10 @@ module.exports = function(crowi, app) {
     }
     // reference
     else {
-      res.set('Content-Type', attachment.fileFormat);
+      res.set({
+        'Content-Type': attachment.fileFormat,
+        'Content-Security-Policy': "script-src 'unsafe-hashes'",
+      });
     }
   }
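Review bot: The policy value on the added 'Content-Security-Policy' line, "script-src 'unsafe-hashes'", blocks scripts only as a side effect, and its intent is not obvious to the next reader. 'unsafe-hashes' is a modifier that lets hash sources match inline event handlers; with no hash listed alongside it, nothing is allowed, so the result is the same as "script-src 'none'". Writing 'none' explicitly (or a stricter "default-src 'none'" plus a sandbox directive, if inline-rendered attachments need no subresources) states the goal directly and does not depend on how a browser treats a keyword it may not recognise. Two further points on this else branch: 'Content-Type' is still set straight from attachment.fileFormat, so sending 'X-Content-Type-Options': 'nosniff' in the same res.set() call would keep the browser from reinterpreting the body as another type, and a short comment saying the header is there to stop script execution in SVG attachments served by reference would record why it was added.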