upstream/mercurial-mirror Files · tests/gpg/secring.gpg

hgweb: raw file mimetype guessing configurable, off by default (BC) (issue2923)...

hgweb: raw file mimetype guessing configurable, off by default (BC) (issue2923) Before: hgweb made it possible to download file content with a content type detected from the file extension. It would serve .html files as text/html and could thus cause XSS vulnerabilities if the web site had any kind of session authorization and the repository content wasn't fully trusted. Now: all files default to "application/binary", which all important browsers will refuse to treat as text/html. See the table here: https://code.google.com/p/browsersec/wiki/Part2#Survey_of_content_sniffing_behaviors

Brendan Cully - - Load All Authors

File last commit:

r8809:6fce3633 default


                r15004:d06b9c55

stable

Download file

             secring.gpg
        
                    0 lines
            
             | 1.2 KiB
            
                | application/octet-stream
            
             |
                TextLexer

/ tests / gpg / secring.gpg

History | Annotation | Raw

Binary file (application/octet-stream)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages