Version 2.8.0
paragonie-security released this 15 Dec 03:53
Prevent semicolon or CRLF injection. See 1a1a85f for details.
CSP-Builder is a developer tool. It is not meant to be used with user input.
However, the ability to inject CSP directives or additional headers violates the principle of least astonishment.
This was reported via user demonia on HackerOne.
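The class of check described above, as an added PHP illustration; it is not CSP-Builder's code and not the change in 1a1a85f. The function names and the sample policy are hypothetical and constructed for this example.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not CSP-Builder's API.

/** Naive join: trusts every source string as-is. */
function compileNaive(array $policy): string
{
    $parts = [];
    foreach ($policy as $directive => $sources) {
        $parts[] = $directive . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

/** Reject characters that end a directive (;) or a header line (CR, LF). */
function assertSafeToken(string $token): string
{
    if (preg_match('/[;\r\n]/', $token) === 1) {
        throw new InvalidArgumentException('CSP token contains ";", CR or LF');
    }
    return $token;
}

/** Same join, but every directive name and source is validated first. */
function compileChecked(array $policy): string
{
    $parts = [];
    foreach ($policy as $directive => $sources) {
        assertSafeToken((string) $directive);
        $parts[] = $directive . ' ' . implode(' ', array_map('assertSafeToken', $sources));
    }
    return implode('; ', $parts);
}

// Constructed sample input: one source carries a semicolon, another a CRLF.
$policy = [
    'script-src' => ["'self'", "https://cdn.example; script-src-elem *"],
    'img-src'    => ["'self'", "https://img.example\r\nX-Injected: 1"],
];

// The naive output holds three directives instead of two, plus a CRLF
// that ends the header line if the string is written out unfiltered.
var_dump(compileNaive($policy));

try {
    compileChecked($policy);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```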