Manual:$wgMangleFlashPolicy/de
 | Diese Funktion wurde in der Version 1.40.0 vollständig entfernt. |
| Ausgabe: $wgMangleFlashPolicy | |
|---|---|
Whether to mangle any <cross-domain-policy> (Adobe cross-domain policy) tags, to prevent XSS attacks. |
|
| Eingeführt in Version: | 1.23.7 (Gerrit change 174289; git #92f22cd4) |
| Veraltet in Version: | 1.39.0 (Gerrit change 815827; git #51ddd706) |
| Entfernt in Version: | 1.40.0 (Gerrit change 838769; git #bb10b7d5) |
| Erlaubte Werte: | (Wahrheitswert) |
| Standardwert: | true |
| Andere Einstellungen: Alphabetisch | Nach Funktion | |
Details
When this is set to true, any occurrences of <cross-domain-policy> in sanitised output will be altered to <NOT-cross-domain-policy>. Without this, an attacker can potentially send their own Adobe cross-domain policy unless it is prevented by the crossdomain.xml file at the domain root.
You should only set this to false if you have a crossdomain.xml file in the root of your website (e.g. http://example.com/crossdomain.xml).
Category:MediaWiki configuration settings/de
Category:MediaWiki configuration settings deprecated in version 1.39.0/de
Category:MediaWiki configuration settings introduced in version 1.23.7/de
Category:MediaWiki configuration settings removed in version 1.40.0/de
Category:MediaWiki deprecated or obsolete features/de
Category:Output variables/de