id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking
320	Additional XSS protection for the usage of SVG files?	TC Haddad	Jeff McKenna	"This config modification was suggested in a Joomla security notice, and I wondered if you think it worth including in MS4W:

''""This rule will protect users of svg files from potential Cross-Site-Scripting (XSS) vulnerabilities.""''


{{{
<FilesMatch ""\.svg$"">
  <IfModule mod_headers.c>
    Header always set Content-Security-Policy ""script-src 'none'""
  </IfModule>
</FilesMatch>
}}}
"	enhancement	new	critical	future	MS4W - Apache	4.0.5