CVSROOT: /cvs Module name: src Changes by: [email protected] 2019/11/10 15:18:01
Modified files:
usr.bin/mandoc : cgi.c
Log message:
Add a Content-Security-Policy HTTP header that allows only CSS.
This ensures that in a modern browser that understands the header,
mandoc rendering bugs cannot possibly be interpreted as JavaScript.
ok schwarze@
