diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2013-01-20 23:30:16 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2013-01-20 23:30:16 +0100 |
| commit | af8c1936058bfedfe6ae256cab2a70259f11e044 (patch) | |
| tree | c7e9f73133b43ff75be26b390fed618a98634c92 /lib/template.php | |
| parent | 967b7947a17d772b715e6c060c810d13912e0e67 (diff) | |
| download | nextcloud-server-af8c1936058bfedfe6ae256cab2a70259f11e044.tar.gz nextcloud-server-af8c1936058bfedfe6ae256cab2a70259f11e044.zip | |
Disallow inline JS
Diffstat (limited to 'lib/template.php')
| -rw-r--r-- | lib/template.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/template.php b/lib/template.php index 09c2fefd8a1..7ac2b321b33 100644 --- a/lib/template.php +++ b/lib/template.php @@ -190,6 +190,7 @@ class OC_Template{ header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE header('Content-Security-Policy: default-src \'self\'; script-src \'self\' \'unsafe-inline\'; style-src \'self\' \'unsafe-inline\''); // Disallow external ressources + eval() + header('X-WebKit-CSP: default-src \'self\'; style-src \'self\' \'unsafe-inline\''); $this->findTemplate($name); } |