• [XSS] Protection against exploitation of classic MS ASP's coalescing of same-name query parameters (thanks Soroush Dalili for reporting) • [XSS] Protection against URL injections in in window.name • XSS] Fixed case-sensitivity bug in detection of unicode escape sequences (thanks Masato Kinugawa for reporting) • [Surrogate] adagionet.com inclusion surrogate • Fixed "Allow sites open through bookmarks" regression (thanks jerryi and therube for reporting) • [XSS] Fixed bug in the InjectionChecker tokenization (thanks Phil Purviance for reporting) • Added inclusion type check exception to the lesscss Google Code file repository, often used as a CDN
·
