Skip to content

Version 2.8.0

Compare
Choose a tag to compare
@paragonie-security paragonie-security released this 15 Dec 03:53
· 50 commits to master since this release
v2.8.0

Prevent semicolon or CLRF injection. See 1a1a85f for details.

CSP-Builder is a developer tool. It is not meant to be used with user input.

However, the ability to inject CSP directives or additional headers violates the principle of least astonishment.

This was reported via user demonia on HackerOne.