Fix to avoid duplicated issue in Burp for the same URL.
Showing 4 changed files with 9 additions and 3 deletions.
5 changes: 3 additions & 2 deletions
csp-auditor-core/src/main/resources/resources/descriptions/issue_style.htm
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,9 @@ | ||
<p>The configuration allows the inclusion of arbitrary stylesheets. Stylesheet inclusion has very limited possibilities.</p> | ||
|
||
<p> | ||
<b>References:</b><br/> | ||
<br/> | ||
<a href="http://sirdarckcat.blogspot.ca/2008/10/about-css-attacks.html">About CSS Attacks</a> by Eduardo Vela<br/> | ||
<a href="http://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html">CSS based Attack: Abusing unicode-range of @font-face</a> by Masato Kinugawa<br/> | ||
<a href="https://www.nds.rub.de/media/emma/veroeffentlichungen/2012/08/16/scriptlessAttacks-ccs2012.pdf">Scriptless Attacks – Stealing the Pie Without Touching the Sill</a> by Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk<br/> | ||
<a href="http://blog.portswigger.net/2015/02/prssi.html">Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities</a> by James Kettle<br/> | ||
<a href="http://blog.portswigger.net/2015/02/prssi.html">Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities</a> by James Kettle | ||
</p> |
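Review bot: The two PRSSI reference lines at the end of the References block differ only in the trailing `<br/>`, so the change to issue_style.htm reads as markup cleanup rather than part of the duplicate-issue fix named in the commit message. If the description text takes part in how issues for the same URL are compared, say so in the commit message; otherwise move this cleanup into its own commit so the functional fix can be reviewed and reverted independently.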
Binary file not shown.