Commit Graph

1 Commit

Author SHA1 Message Date
Hugo Manrique
0392fce6c3 Fix XSS by parsing player counts as raw data and validating favicon URIs (#116)
* Fix XSS by parsing player counts as raw data (instead of parsing it)

* Ensure the returned favicon is a data URI

* Force server favicon size to 64px

* Increase specificity of data URI validation

The previous commit would happily accept any domain (or subdomain) that started with "data".
2019-09-05 16:15:44 -05:00