Brett Zamir 11baad0402 - Security fix/Breaking change (Imagelib): Require allowedImageLibOrigins ...

config array be set with safe origins or otherwise reject `postMessage`
  messages in case from untrusted sources
- Security fix/Breaking change (xdomain): Namespace xdomain file to avoid
  it being used to modify non-xdomain storage
- Security fix (Imagelib): Expose `dropXMLInternalSubset` to extensions
  for preventing billion laughs attack (and use in Imagelib)

2018-09-24 20:59:47 +08:00

2.7 KiB

Raw Blame History

View Raw