summaryrefslogtreecommitdiffstats
path: root/msec.in
diff options
context:
space:
mode:
authorIngo Schwarze <schwarze@openbsd.org>2014-07-22 18:14:13 +0000
committerIngo Schwarze <schwarze@openbsd.org>2014-07-22 18:14:13 +0000
commit65cb0941933336f1e6502825398c255d1c4d858e (patch)
tree11ee75f6928885dd7b2a288c785cb7d30b23c602 /msec.in
parent8b2475f4e584d019268fec8ade22101de40acada (diff)
downloadmandoc-65cb0941933336f1e6502825398c255d1c4d858e.tar.gz
Security fix to prevent XSS attacks:
Restrict the character set of strings passed into html_alloc(), in particular architecture names that come from the QUERY_STRING, but also SCRIPT_NAME and manpath.conf content for additional safety, and bail out safely on violations. Issue reported by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
Diffstat (limited to 'msec.in')
0 files changed, 0 insertions, 0 deletions