Merge pull request from GHSA-4q96-6xhq-ff43
security: fix stored XSS vulnerability via SVG attachment
ThomasWaldmann committed Nov 8, 2020
2 parents 683a400 + 64e1603 commit 31de913
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion MoinMoin/config/__init__.py
Expand Up @@ -12,7 +12,7 @@
from MoinMoin.util.chartypes import *

# List of image types browser do support regulary
browser_supported_images = ('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', )
browser_supported_images = ('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg+xml')

# Parser to use mimetype text
parser_text_mimetype = ('plain', 'csv', 'rst', 'docbook', 'latex', 'tex', 'html', 'css',
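Review bot: The `browser_supported_images` assignment needs a comment recording why `'svg+xml'` is not in it, otherwise a later cleanup of the "image types browsers support" list can put it back. The page prints both variants of the assignment without +/- markers, so which one is the new side is inferred from the commit title rather than shown. Assuming the new line is the one ending in `'ico', )`, I would add above it `# 'svg+xml' deliberately left out: SVG can carry script (GHSA-4q96-6xhq-ff43)`. If the new side is instead the variant that includes `'svg+xml'`, every consumer of this tuple that decides inline rendering would need checking, and none of them is visible in this hunk.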
1 change: 1 addition & 0 deletions MoinMoin/config/multiconfig.py
Expand Up @@ -1143,6 +1143,7 @@ def __init__(self, exprstr):
('mimetypes_xss_protect',
[
'text/html',
'image/svg+xml',
'application/x-shockwave-flash',
'application/xhtml+xml',
],
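Review bot: A wiki that sets its own `mimetypes_xss_protect` would not pick up the `'image/svg+xml'` entry, because this list looks like the default value of a configuration option. The enclosing options table starts and ends outside the hunk, so that is an inference. The upgrade notes should tell administrators to add the type to any overriding list and to review SVG attachments uploaded before the upgrade. The list is also a denylist, and how it is enforced is not visible here, so a short comment would help the next reader, e.g. `# denylist: any newly supported script-capable type must be added here`.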
