synapse/changelog.d/10468.misc at d0b294ad974c05621426369a00be6bf05c4af997 - mirrors/synapse - Sadium Git

mirrors/synapse

mirror of https://github.com/element-hq/synapse.git synced 2024-11-27 12:08:32 +03:00

Denis Kasak 2476d5373c

Mitigate media repo XSSs on IE11. (#10468 )

IE11 doesn't support Content-Security-Policy but it has support for
a non-standard X-Content-Security-Policy header, which only supports the
sandbox directive. This prevents script execution, so it at least offers
some protection against media repo-based attacks.

Signed-off-by: Denis Kasak <dkasak@termina.org.uk>

2021-07-27 13:45:10 +02:00

1 line

95 B

Text

Raw Blame History

Mitigate media repo XSS attacks on IE11 via the non-standard X-Content-Security-Policy header.