com.atlassian.jira.web.filters
Class XContentTypeOptionsNoSniffFilter
java.lang.Object
com.atlassian.core.filters.AbstractHttpFilter
com.atlassian.jira.web.filters.XContentTypeOptionsNoSniffFilter
- All Implemented Interfaces:
- javax.servlet.Filter
public class XContentTypeOptionsNoSniffFilter
- extends com.atlassian.core.filters.AbstractHttpFilter
This filter exists solely to deal with a security vulnerability in Internet Explorer: JRA-28879.
IE can be tricked into parsing a text/html page as a stylesheet if it contains certain characters. Hence, a JIRA page
can be loaded as a stylesheet on an external, malicious site and, voilà, XSS.
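An added example, not Atlassian's code: a minimal servlet filter of the kind the class name suggests, assuming the mitigation is to send `X-Content-Type-Options: nosniff` on every response so that IE keeps to the declared content type. The class name `NoSniffHeaderFilter` is hypothetical, and the code needs the javax.servlet API on the classpath.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical stand-alone filter (assumption: not the JIRA implementation).
 * Map it to /* in web.xml so that every response carries the header.
 */
public class NoSniffHeaderFilter implements Filter {
    static final String HEADER = "X-Content-Type-Options";
    static final String VALUE = "nosniff";

    @Override
    public void init(FilterConfig config) {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        if (resp instanceof HttpServletResponse) {
            // Set the header BEFORE invoking the chain: once a downstream
            // servlet commits the response, later header changes are ignored
            // by the container, so setting it afterwards can silently fail.
            // setHeader (not addHeader) avoids emitting a duplicate value.
            ((HttpServletResponse) resp).setHeader(HEADER, VALUE);
        }
        chain.doFilter(req, resp);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

A quick check after deployment is to request any HTML page and confirm the response headers include `X-Content-Type-Options: nosniff`.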
Method Summary
void doFilter(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
javax.servlet.FilterChain chain)

Methods inherited from class com.atlassian.core.filters.AbstractHttpFilter
destroy, doFilter, init

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
XContentTypeOptionsNoSniffFilter
public XContentTypeOptionsNoSniffFilter()
doFilter
public void doFilter(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
javax.servlet.FilterChain chain)
throws javax.servlet.ServletException,
IOException
- Specified by:
doFilter
in class com.atlassian.core.filters.AbstractHttpFilter
- Throws:
javax.servlet.ServletException
IOException
Copyright © 2002-2013 Atlassian. All Rights Reserved.