Feeling Lucky
?
[#31298] - [4.0] Missing JS-protection in .htaccess in case of directly opening a .svg file
- Closed
- 2 Nov 2020
- Medium
- Build: staging
- # 31298
Steps to reproduce the issue
Missing JS-protection in .htaccess [4.0] in case of directly opening a .sgv file.
This script is present in [3.x].
Expected result
Following script is present in htaccess [4.0].
## Disable inline JavaScript when directly opening SVG files or embedding them with the object-tag
<FilesMatch "\.svg$">
<IfModule mod_headers.c>
Header always set Content-Security-Policy "script-src 'none'"
</IfModule>
</FilesMatch>
Actual result
Script is NOT present in htaccess.
System information (as much as possible)
[4.0]
Additional comments
This script is present in [3.x]. See #30221.
joomla-cms-bot
- | Labels |
Added:
?
|
||
Quy
- comment
- 2 Nov 2020
See #31291 (comment)
zero-24
- comment
- 2 Nov 2020
Not eventually but definitely this is true for all bugs fixed in the 3.x series. I would propose to have one ticket thats than marked as release block and not have one per bug fixdd in 3.x
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-11-02 15:34:37 |
| Closed_By | ⇒ | Quy |
| Title |
|
||||||
sandewt
- comment
- 2 Nov 2020
Thanks all.
Code committed in to j3 will be eventually merged in to j4