forked from I2P_Developers/i2p.i2p
zzz
af575d6c95
- Fix several XSS issues (thx Aaron Portnoy of Exodus Intel) - Add Content-Security-Policy and X-XSS-Protection headers - Disable changing news feed URL from UI - Disable plugin install from UI - Disable setting unsigned update URL from UI - Disable /configadvanced * DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit) * ExecNamingService: Disable (thx joernchen of Phenoelit) * Startup: Add susimail.config to migrated files
34 lines
1.0 KiB
Plaintext
34 lines
1.0 KiB
Plaintext
<%
|
|
// NOTE: Do the header carefully so there is no whitespace before the <?xml... line
|
|
|
|
response.setHeader("X-Frame-Options", "SAMEORIGIN");
|
|
response.setHeader("Content-Security-Policy", "default-src 'self'");
|
|
response.setHeader("X-XSS-Protection", "1; mode=block");
|
|
|
|
%><%@page pageEncoding="UTF-8"
|
|
%><%@page trimDirectiveWhitespaces="true"
|
|
%><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.EditBean"
|
|
%><%
|
|
String tun = request.getParameter("tunnel");
|
|
if (tun != null) {
|
|
try {
|
|
int curTunnel = Integer.parseInt(tun);
|
|
if (EditBean.staticIsClient(curTunnel)) {
|
|
%><jsp:include page="editClient.jsp" /><%
|
|
} else {
|
|
%><jsp:include page="editServer.jsp" /><%
|
|
}
|
|
} catch (NumberFormatException nfe) {
|
|
%>Invalid tunnel parameter<%
|
|
}
|
|
} else {
|
|
String type = request.getParameter("type");
|
|
int curTunnel = -1;
|
|
if (EditBean.isClient(type)) {
|
|
%><jsp:include page="editClient.jsp" /><%
|
|
} else {
|
|
%><jsp:include page="editServer.jsp" /><%
|
|
}
|
|
}
|
|
%>
|