X-Git-Url: https://git.martlubbers.net/?a=blobdiff_plain;f=report%2Fv11_httpsec.tex;h=1b0cc4fe3340bc76965d88bb6b1cc51b126911f5;hb=f907dd355223b6c59eb774880b391969fd7543b8;hp=4fb8da8384e686744c81d603890e9b772e8480fb;hpb=c7388c6be83d270119266dd7ff2170fc689a15b3;p=ssproject1617.git diff --git a/report/v11_httpsec.tex b/report/v11_httpsec.tex index 4fb8da8..1b0cc4f 100644 --- a/report/v11_httpsec.tex +++ b/report/v11_httpsec.tex @@ -18,7 +18,7 @@ Verify that every \HTTP{} response contains a content type header specifying a safe character set (e.g., \emph{UTF-8}, \emph{ISO 8859{-}1}). \begin{result} - Content type headers may be set anywhere in the application. Furthermure, + Content type headers may be set anywhere in the application. Furthermure,\\ \code{Response::send} ensures that if no content type header is set, all responses will fall back to using \code{text/html; charset=UTF-8}. \end{result} @@ -37,7 +37,8 @@ viewed in a 3rd-party X-Frame. \begin{result} The application will never supply an \code{X-FRAME-OPTIONS} header. While this is not really a problem for the home page, a 3rd party X-Frame should - not be able to refer to the administrative interfaces of the application. + not be able to refer to the administrative interfaces of the application + and this should be fixed. \end{result} \item\pass{}
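Review bot: the first hunk edits the "Furthermure," line but leaves the typo in place; since the line is already being changed, correct it to "Furthermore," in the same hunk. Also, forcing the break with a trailing `\\` inside running paragraph text in the `result` environment will usually produce an underfull `\hbox` warning; if the intent is only to keep `\code{Response::send}` from being split across lines, consider `\mbox{\code{Response::send}}` or letting TeX break the paragraph naturally rather than a hard line break.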
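Review bot: in the second hunk, "and this should be fixed." states that a fix is needed without saying what the fix is, so the finding is not actionable for the developers; state the concrete remediation in the result, e.g. that responses from the administrative interfaces should carry an `X-Frame-Options` header (`DENY` or `SAMEORIGIN`) so they cannot be embedded by a third-party frame. Two smaller points on the same lines: "refer to" understates the issue, since the concern is a third-party page embedding (framing) the administrative pages, not merely linking to them; and the header is conventionally written `X-Frame-Options` rather than `X-FRAME-OPTIONS` (header names are case-insensitive, so this is a style point only).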