twisterarmy/twister-core
1
0
Fork 0
mirror of https://github.com/twisterarmy/twister-core.git synced 2025-02-03 18:34:46 +00:00
Code Issues Projects Releases Wiki Activity

use Content-Security-Policy to prevent javascript: injection in URLs.

Browse Source 
unfortunately we still require 'unsafe-eval' due to jquery.getScript
This commit is contained in:
Miguel Freitas 2015-07-17 17:27:09 -03:00
parent 2668b4d832
commit e7a1bf77fa
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/bitcoinrpc.cpp
View File

@ -377,6 +377,7 @@ static string HTTPReply(int nStatus, const string& strMsg, bool keepalive, const
"Connection: %s\r\n"
"Content-Length: %"PRIszu"\r\n"
"Content-Type: %s\r\n"
"Content-Security-Policy: script-src 'self' 'unsafe-eval'\r\n"
"Server: bitcoin-json-rpc/%s\r\n"
"\r\n",
nStatus,