-
Hugh Davenport authored
Bug #1055232 CVE-2012-2243 Before this patch, if a user uploaded HTML or XML files then tried to download them, or linked other users to download them, they would be presented with an escaped version along with a link to download the original. This did not include XHTML files, which can cause the same security issues as HTML or XML files. This patch includes the XHTML mimetype of application/xhtml+xml in the test of which files to escape. Change-Id: Iffb8308fdb56a173fd4af2bbda800999dd11fea3 Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
4068b7a8