Merge pull request #496 from axa-group/security_fix

Security fix

Author: dafelix42

demo/doc-versioning/doc_versioning/gui/document.html

@@ -21,7 +21,16 @@
 
         <!-- differ
         -- --------------------------------------------------- -->
-
+        
+        <!-- clickjacking protection-->
+        <style> html {display : none; } </style>
+        <script>
+            if ( self === top ) {
+                document.documentElement.style.display = 'block';
+            } else {
+                top.location = self.location;
+            }
+        </script>
     </head>
     <body>
         <div style="text-align: center; margin-top: 50px; margin-left: 50px">

demo/doc-versioning/doc_versioning/gui/index.html

@@ -20,7 +20,7 @@
         <link rel="stylesheet" href="{{ url_for('static', filename='css/skeleton.css') }}">
     </head>
     <body>
-        <a href="http://par.sr" target="_blank" style="outline:none;border:none;" onclick="openLink(event)">
+        <a href="http://par.sr" target="_blank" rel="noopener noreferrer" style="outline:none;border:none;" onclick="openLink(event)">
             <img src="{{ url_for('static', filename='images/logo.png') }}" width="15%" alt="Parsr Powered" border="0" />
         </a>
         <div style="text-align: center; margin-top: 50px;">

demo/echo-module-py/echo-module.py

@@ -21,13 +21,15 @@
 
 class PostHandler(BaseHTTPRequestHandler):
 	def do_POST(self):
+
 		content_length = int(self.headers['Content-Length'])
 		post_data = self.rfile.read(content_length)
 		json_data = json.loads(post_data)
 
 		new_json_data = process_data(json_data)
 
 		self.send_response(200)
+		self.send_header("Content-type", "application/json")
 		self.end_headers()
 		self.wfile.write(json.dumps(new_json_data).encode('utf8'))