SEC-2269: Fix additional links

2025-07-25 11:43:29 +00:00 · 2013-08-20 14:02:33 -05:00 · 2013-08-20 14:02:33 -05:00 · a3a432f7b6
commit a3a432f7b6
parent 3b2156969d
2 changed files with 27 additions and 25 deletions
--- a/docs/manual/src/docbook/appendix-namespace.xml
+++ b/docs/manual/src/docbook/appendix-namespace.xml
@ -420,13 +420,13 @@
        </section>
        <section xml:id="nsa-xss-protection">
            <title><literal>&lt;xss-protection&gt;</literal></title>
-            <para>Adds the <a href="http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx">X-XSS-Protection header</a>
+            <para>Adds the <link xlink:href="http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx">X-XSS-Protection header</link>
-                to the response to assist in protecting against <a href="http://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent">reflected / “Type-1” Cross-Site Scripting (XSS)</a>
+                to the response to assist in protecting against <link xlink:href="http://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent">reflected / “Type-1” Cross-Site Scripting (XSS)</link>
                attacks. This is in no-way a full protection to XSS attacks!</para>
            <section xml:id="nsa-xss-protection-attributes">
                <section xml:id="nsa-xss-protection-enabled">
                    <title><literal>xss-protection-enabled</literal></title>
-                    <para>Enable or Disable <a href="http://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent">reflected / “Type-1” Cross-Site Scripting (XSS)</a> protection.</para>
+                    <para>Enable or Disable <link xlink:href="http://en.wikipedia.org/wiki/Cross-site_scripting#Non-Persistent">reflected / “Type-1” Cross-Site Scripting (XSS)</link> protection.</para>
                </section>
                <section xml:id="nsa-xss-protection-block">
                    <title><literal>xss-protection-block</literal></title>
@ -446,7 +446,7 @@
        <section xml:id="nsa-content-type-options">
            <title><literal>&lt;content-type-options&gt;</literal></title>
            <para>Add the X-Content-Type-Options header with the value of nosniff to the response. This
-                <a href="http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx">disables MIME-sniffing</a>
+                <link xlink:href="http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx">disables MIME-sniffing</link>
                for IE8+ and Chrome extensions.</para>
            <section xml:id="nsa-content-type-options-parents">
                <title>Parent Elements of <literal>&lt;content-type-options&gt;</literal></title>
--- a/docs/manual/src/docbook/namespace-config.xml
+++ b/docs/manual/src/docbook/namespace-config.xml
@ -629,32 +629,34 @@ List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
            <para>A lot of different attacks to hijack content, sessions or connections are available and lately
                browsers (optionally) can help to prevent those attacks. To enable these features we need to send some
                additional headers to the client. Spring Security allows for easy configuration for several headers.
-                <programlisting language="xml">
+                <programlisting language="xml"><![CDATA[
-                    <![CDATA[
+<http ...>
-                            <headers/>
+    ...
-                    ]]>
+    <headers/>
 </http>]]>
                </programlisting>
            </para>
            <para>Specifying the single headers element adds all the explicitly supported headers
                with their default settings. If you only want select headers to be added,
                you can add one or more of the child elements as shown below.
-                <programlisting language="xml">
+                <programlisting language="xml"><![CDATA[
-                    <![CDATA[
+<http ...>
-                            <headers>
+    ...
-                                <!-- Add Cache-Control and Pragma headers -->
+    <headers>
-                                <cache-control/>
+        <!-- Add Cache-Control and Pragma headers -->
-                                <!-- Add X-Content-Type-Options with value of nosniff -->
+        <cache-control/>
-                                <content-type-options/>
+        <!-- Add X-Content-Type-Options with value of nosniff -->
-                                <!-- Add custom headers -->
+        <content-type-options/>
-                                <header name="foo" value="bar"/>
+        <!-- Add custom headers -->
-                                <-- Adds HTTP Strict Transport Security (HSTS) for secure requests -->
+        <header name="foo" value="bar"/>
-                                <hsts/>
+        <-- Adds HTTP Strict Transport Security (HSTS) for secure requests -->
-                                <!-- Add X-Frame-Options with a value of DENY -->
+        <hsts/>
-                                <frame-options/>
+        <!-- Add X-Frame-Options with a value of DENY -->
-                                <!-- Adds X-XSS-Protection with value of 1; mode=block-->
+        <frame-options/>
-                                <xss-protection/>
+        <!-- Adds X-XSS-Protection with value of 1; mode=block-->
-                            </headers>
+        <xss-protection/>
-                    ]]>
+    </headers>
 </http>]]>
                </programlisting>
            </para>
            <para>For additional information on how to customize the headers element refer to the <link xlink:href="#nsa-headers">headers</link>