Commit f4af9b1a authored by Jesse Glick, committed by Kohsuke Kawaguchi

[SECURITY-47]

- My second patch, with whitelisted XPath values and forbidden JSONP.
- Disabling JSONP altogether for REST API (unless explicitly allowed).
- Forbid primitive XPath result sets by default.
- Refuse to serve _crumb=123456 as this could (very hypothetically) be exploited.
parent aaf79ed3