Craftadoc/clsi
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Send .svg files as text/plain to prevent executable JS if they are loaded as SVG in the browser

Browse Source
This commit is contained in:
James Allen
2016-03-10 09:32:32 +00:00
parent a3383f11a1
commit 89acd36dde
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/coffee/ContentTypeMapper.coffee
View File

@@ -6,7 +6,7 @@ Path = require 'path'
module.exports = ContentTypeMapper =
map: (path) ->
switch Path.extname(path)
when '.txt', '.html', '.js', '.css'
when '.txt', '.html', '.js', '.css', '.svg'
return 'text/plain'
when '.csv'
return 'text/csv'
@@ -20,7 +20,5 @@ module.exports = ContentTypeMapper =
return 'image/tiff'
when '.gif'
return 'image/gif'
when '.svg'
return 'image/svg+xml'
else
return 'application/octet-stream'