v1.1.4
Release date: 2016-07-03 02:12:16
Latest release of paragonie/airship: v1.4.3 (2017-05-06 03:34:34)
- i18n - run parameters through HTMLPurifier (with caching) to prevent future XSS payloads in case someone forgets to escape these parameters. HTML is still allowed, so if you're inserting in an HTML attribute, use the `|e('html_attr')` filter on your input.
- Use the correct POST index in account recovery.
- Treat SVG and XML files as plaintext, to prevent stored XSS. Reported on HackerOne.
- Send `Content-Security-Policy` headers on file downloads as well as web pages. Just in case another file type exists in the world that executes JavaScript when the file is viewed.
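
The two file-serving fixes above (SVG/XML served as plaintext, CSP sent on downloads), sketched as an added PHP example. This is not Airship's code: the function name `downloadHeaders`, the stored MIME type input and the CSP value are assumptions, and the XML rule is generalized to any `/xml` or `+xml` type.

```php
<?php
declare(strict_types=1);

/**
 * Build response headers for serving a user-uploaded file.
 * $storedType is the MIME type recorded at upload time (assumed input).
 */
function downloadHeaders(string $storedType): array
{
    // Drop parameters: "image/svg+xml; charset=utf-8" -> "image/svg+xml".
    $type = strtolower(trim(explode(';', $storedType)[0]));

    // Malformed or empty types (including ones carrying control characters)
    // fall back to a generic binary type instead of reaching the header.
    if (preg_match('#^[a-z0-9.+-]+/[a-z0-9.+-]+\z#', $type) !== 1) {
        $type = 'application/octet-stream';
    }

    // SVG and other XML dialects can embed script, so the browser is told
    // they are plain text and shows the source instead of rendering it.
    if (preg_match('#[/+]xml\z#', $type) === 1) {
        $type = 'text/plain; charset=utf-8';
    }

    return [
        'Content-Type' => $type,
        // Keep the browser from sniffing text/plain back into markup.
        'X-Content-Type-Options' => 'nosniff',
        // Constructed policy: no script, no subresources, sandboxed document.
        'Content-Security-Policy' => "default-src 'none'; sandbox",
    ];
}

// Constructed sample uploads: two XML-family types, one image, one bad value.
$samples = ['image/svg+xml', 'application/xml; charset=utf-8',
            'image/png', "text/html\r\nX-Injected: 1"];
foreach ($samples as $stored) {
    echo json_encode($stored), PHP_EOL;
    foreach (downloadHeaders($stored) as $name => $value) {
        echo "  {$name}: {$value}", PHP_EOL;
    }
}
```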
1. airship-20160702181017.phar 113.75KB
2. airship-20160702181017.phar.sig 128B