-
We get user complaints quite often about 'whois down', which then simply originates from the fact that we return a 404 on REST API updates. This was a design decision to make users clearly aware that …
-
I wasn't sure whether I needed to do any fancy CSRF protection when I passed the assertion from the user's browser to my server, and Ben Adida said I should. We should probably mention this in the dev…
-
**loadHTML** seems to be affected too by this issue, yet no implementation provides this. (http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html)
Why do you scan the whole document again after creat…
-
I think we will be luckier with a version number...
ghost updated
10 years ago
-
http://docs.pylonsproject.org/projects/pyramid/en/latest/quick_tour.html#views
https://github.com/Pylons/pyramid/blob/master/docs/quick_tour/views/views.py#L17
As there is no templating layer to aut…
-
Many have noted that TLS man-in-the-middle is becoming a serious problem on the Web.
This issue tracks possible mitigations, for potential reference from HTTP/2. Note that this is a liaison issue; we…
mnot updated
10 years ago
-
As per #42 we need to look at moving to a dedicated VM.
-
Runtime errors in Chrome console:
```
Refused to execute script from 'https://raw.github.com/nathanaeljones/studiojs/master/libs/jquery-1.8.2.min.js' because its MIME type ('text/plain') is not execu…
```
-
Major Issues:
~~In Section 3.1.1.5:~~
~~'If a Content-Type header field is not present, the recipient MAY either assume a media type of "application/octet-stream" ([RFC2046], Section 4.5.1) or exa…~~
mnot updated
11 years ago
-
Currently the wording on pages such as:
- https://victims-websec.rhcloud.com/about.html
- https://victims-websec.rhcloud.com/bugs.html
- https://victims-websec.rhcloud.com/client.html
are all either …