-
Hugh Davenport authored
Bug #1061980 CVE-2012-2247 Before this patch, if a user uploaded HTML or XML files then tried to download them, or linked other users to download them, they would be presented with an escaped version along with a link to download the original. Unfortunately, an SVG file can possibly contain unsecure content, such as javascript, that would be run on the victims browser. This patch adds SVG files (image/svg+xml) to the list of files to not display by default. Change-Id: I56e7c9d2a7d8de03b5b3be31f0ac44198547ea09 Signed-off-by:Hugh Davenport <hugh@catalyst.net.nz>
52e35d9d
