From e94e1172426f90efa2f310582d8695ec24b1bb5c Mon Sep 17 00:00:00 2001
From: Matthew Gamble
Date: Tue, 14 Feb 2017 18:14:59 +1100
Subject: [PATCH 1/2] Add rel=noopener to prevent window.opener attacks

This is highly unlikely, but it never hurts to be cautious.
---
tsstats/templates/index.jinja2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tsstats/templates/index.jinja2 b/tsstats/templates/index.jinja2
index 39d3e57..f0f812c 100644
--- a/tsstats/templates/index.jinja2
+++ b/tsstats/templates/index.jinja2
@@ -29,7 +29,7 @@

Server {{ server.sid }}

{% include 'stats.jinja2' %} {% endfor %}
- Generated by TeamspeakStats at {{ creation_time|frmttime }}
+ Generated by TeamspeakStats at {{ creation_time|frmttime }}
From 96156ca622773966abfcc139284821163425fa6d Mon Sep 17 00:00:00 2001
From: Matthew Gamble
Date: Tue, 14 Feb 2017 18:17:35 +1100
Subject: [PATCH 2/2] Add no-referrer referrer policy to prevent leakage of sensitive info

This prevents Referer headers from being sent when requesting any external assets, and when clicking on any offsite links. This includes the github link in the footer. This helps to prevent the leakage of sensitive details, such as private domain names.
---
tsstats/templates/index.jinja2 | 1 +
1 file changed, 1 insertion(+)
diff --git a/tsstats/templates/index.jinja2 b/tsstats/templates/index.jinja2
index f0f812c..4469a44 100644
--- a/tsstats/templates/index.jinja2
+++ b/tsstats/templates/index.jinja2
@@ -4,6 +4,7 @@
+
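Review bot: On the footer link changed by patch 1/2 (the `Generated by TeamspeakStats` line in the `@@ -29,7 +29,7 @@` hunk), `rel=noopener` alone gives no protection on browsers that do not implement `noopener`, which still hand the opened page a `window.opener` reference. The anchor's markup is not visible on this page, so assuming it opens in a new tab via `target="_blank"`, I would write `rel="noopener noreferrer"`, because `noreferrer` also severs the opener reference and is supported more widely. It also stops this link from sending a Referer header on browsers that do not honour the referrer policy added in patch 2/2.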