Skip to content

Commit

Permalink
Mitigate nonce-stealing attacks.
Browse files Browse the repository at this point in the history 
As discussed in #98, this patch attempts to mitigate
dangling markup injection attacks' ability to repurpose existing nonces
via clever injections.

It's not clear that we can ship this mitigation, as it's fairly expensive.
Accordingly, it's marked as 'at risk' in the document, pending further
investigation.
  • Loading branch information
@mikewest
mikewest committed Sep 1, 2016
1 parent 7c81f46 commit fe15bbb
Show file tree
Hide file tree
Showing 2 changed files with 271 additions and 201 deletions.
Loading

0 comments on commit fe15bbb

Please sign in to comment.