CVSROOT: /cvs Module name: src Changes by: bent...@cvs.openbsd.org 2019/11/10 15:18:01
Modified files: usr.bin/mandoc : cgi.c Log message: Add a Content-Security-Policy HTTP header that allows only CSS. This ensures that in a modern browser that understands the header, mandoc rendering bugs cannot possibly be interpreted as JavaScript. ok schwarze@