Mercurial > p > roundup > code
annotate website/issues/detectors/no_texthtml.py @ 5212:d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
This was an easy addon compared to the complexity of the CSRF nonce
support. It only works in chromium browsers (Chrome, Opera...) at
the moment. But there is recent activity on implementing it in
firefox. Who know when edge/ie will adopt it. So csrf nonce and
header analysis will be needed for a while.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 19 Mar 2017 19:01:41 -0400 |
| parents | c2d0d3e9099d |
| children | 0942fe89e82e |
| rev | line source |
|---|---|
|
4024
c2d0d3e9099d
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
1 |
|
c2d0d3e9099d
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
2 def audit_html_files(db, cl, nodeid, newvalues): |
|
c2d0d3e9099d
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
3 if newvalues.has_key('type') and newvalues['type'] == 'text/html': |
|
c2d0d3e9099d
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
4 newvalues['type'] = 'text/plain' |
|
c2d0d3e9099d
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
5 |
|
c2d0d3e9099d
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
6 |
|
c2d0d3e9099d
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
7 def init(db): |
|
c2d0d3e9099d
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
8 db.file.audit('set', audit_html_files) |
|
c2d0d3e9099d
svn repository setup
Stefan Seefeld <stefan@users.sourceforge.net>
parents:
diff
changeset
|
9 db.file.audit('create', audit_html_files) |