v1.1.4

版本发布时间: 2016-07-03 02:12:16

paragonie/airship最新发布版本:v1.4.3(2017-05-06 03:34:34)

i18n - run parameters through HTMLPurifier (with caching) to prevent future XSS payloads in case someone forgets to escape these parameters. HTML is still allowed, so if you're inserting in an HTML attribute, use the |e('html_attr') filter on your input.
Use the correct POST index in account recovery.
Treat SVG and XML files as plaintext, to prevent stored XSS. Reported on HackerOne.
Send Content-Security-Policy headers on file downloads as well as web pages. Just in case another file type exists in the world that executes JavaScript when the file is viewed.