CVSROOT: /cvs
Module name: src
Changes by: r...@cvs.openbsd.org 2014/10/21 07:00:33
Modified files:
usr.sbin/httpd : server_file.c server_http.c
Log message:
Rework the error message a little bit: Do not send details of the
error. Traditionally, web servers responsed with the request path on
40x errors which could be abused to inject JavaScript etc. Instead of
sanitizing the path, we just don't reprint it. Also modify the style
a little bit but keep Comic Sans.
With input from Jonas Lindemann and doug@
