CVS: cvs.openbsd.org: src

Anthony J . Bentley Sun, 10 Nov 2019 14:19:06 -0800

CVSROOT:        /cvs
Module name:    src
Changes by:     bent...@cvs.openbsd.org 2019/11/10 15:18:01


Modified files:
        usr.bin/mandoc : cgi.c 

Log message:
Add a Content-Security-Policy HTTP header that allows only CSS.

This ensures that in a modern browser that understands the header,
mandoc rendering bugs cannot possibly be interpreted as JavaScript.

ok schwarze@

CVS: cvs.openbsd.org: src

Reply via email to