HomePhabricator

SECURITY: Don't allow embedded application/xml in SVG's

This commit no longer exists in the repository. It may have been part of a branch which was deleted.This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

SECURITY: Don't allow embedded application/xml in SVG's

Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got
around our blacklist on embedded href targets. Use a whitelist instead.

Bug: T85850
Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28

Details

Provenance
csteippAuthored on
ChangeId
I17b7ed65935b818695a83fd901fcaf90fffecf28

Commit No Longer Exists

This commit no longer exists in the repository.