
Lock `uri.allowed-protocols` in Config

Authored by epriestley <git@epriestley.com> on Sep 13 2013, 20:48.

Description

Lock uri.allowed-protocols in Config

Summary: This allows administrative overreach. Administrators can enable javascript: and then XSS things if this isn't locked.

Test Plan: Viewed value on web UI, verified it was locked.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6975

Details

Committed
epriestley <git@epriestley.com>, Sep 13 2013, 20:48
Pushed
aubort, Jan 31 2017, 17:16
Parents
rPHde10d919633b: Make normalization of "#yolo" hashtags less aggressive
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHc72f3b4bf135: Lock `uri.allowed-protocols` in Config (authored by epriestley <git@epriestley.com>). Sep 13 2013, 20:48