devol/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-02-02 00:47:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enable no-referrer on img tags, enable strict-origin-when-cross-origin by default

Browse Source 
Fixes #3889

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
Kevin Decherf 2019-05-01 14:05:38 +02:00
parent 570113208b
commit 2dbb5b2307
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Wallabag/CoreBundle/Helper/ContentProxy.php
View File

@ -47,6 +47,7 @@ class ContentProxy
*/ */
public function updateEntry(Entry $entry, $url, array $content = [], $disableContentUpdate = false) public function updateEntry(Entry $entry, $url, array $content = [], $disableContentUpdate = false)
{ {
$this->graby->toggleImgNoReferrer(true);
if (!empty($content['html'])) { if (!empty($content['html'])) {
$content['html'] = $this->graby->cleanupHtml($content['html'], $url); $content['html'] = $this->graby->cleanupHtml($content['html'], $url);
} }

1
src/Wallabag/CoreBundle/Resources/views/base.html.twig
View File

@ -8,6 +8,7 @@
{% block head %} {% block head %}
<meta name="viewport" content="initial-scale=1.0"> <meta name="viewport" content="initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="referrer" content="strict-origin-when-cross-origin">
<!--[if IE]> <!--[if IE]>
<meta http-equiv="X-UA-Compatible" content="IE=10"> <meta http-equiv="X-UA-Compatible" content="IE=10">
<![endif]--> <![endif]-->