Bug 414064 part 1. Mark UTF-7 as being vulnerable to XSS attacks. r=VYV03354@nifty.ne.jp

This commit is contained in:
Simon Montagu 2011-03-28 23:32:11 -04:00
Родитель 7e664f367c
Коммит f8a49c58f1
1 изменённых файлов: 18 добавлений и 4 удалений

Просмотреть файл

@ -43,7 +43,7 @@
## Format of this file:
##
## charset_name.notForBrowser = anything - specifies that this charset is
## not to be used in the browser
## not to be exposed in the browser charset selection UI
## charset_name.notForOutgoing = anything - specifies that this charset is
## not to be used for exporting files ('SaveAsCharset' in composer)
##
@ -55,25 +55,39 @@
##
## charset_name.isMultibyte = multi byte charsets
# notForBrowser falls into four categories:
#
# charsets that we need decoders for, that we don't expect ever to appear in
# web content
# XXX do we still need to support t.61?
t.61-8bit.notForBrowser = true
x-imap4-modified-utf7.notForBrowser = true
# charsets that are subsets or variants of other charsets. We implement them
# as aliases to the superset
windows-936.notForBrowser = true
us-ascii.notForBrowser = true
iso-8859-6-e.notForBrowser = true
iso-8859-6-i.notForBrowser = true
ibm864i.notForBrowser = true
iso-8859-8-e.notForBrowser = true
# platform charsets that don't appear in web content
ibm869.notForBrowser = true
ibm1125.notForBrowser = true
ibm1131.notForBrowser = true
iso-8859-8-e.notForBrowser = true
utf-7.notForBrowser = true
# charset with isXSSVulnerable
x-mac-arabic.notForBrowser = true
x-mac-farsi.notForBrowser = true
x-mac-hebrew.notForBrowser = true
x-imap4-modified-utf7.notForBrowser = true
utf-7.notForBrowser = true
x-mac-arabic.isXSSVulnerable = true
x-mac-farsi.isXSSVulnerable = true
x-mac-hebrew.isXSSVulnerable = true
x-imap4-modified-utf7.isXSSVulnerable = true
utf-7.isXSSVulnerable = true
t.61-8bit.notForOutgoing = true
utf-7.notForOutgoing = true