github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-24 14:14:27 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/app/models/concerns
History
Roman Rizzi df3eb93973
DEV: Sanitize HTML admin inputs (#14681) 
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
..
reports
FEATURE: Add post edits count to user activity (#13495)
2021-08-02 10:15:53 -04:00
anon_cache_invalidator.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
cached_counting.rb
DEV: s/\$redis/Discourse\.redis (#8431)
2019-12-03 10:05:53 +01:00
category_hashtag.rb
FIX: Improve category hashtag lookup (#10133)
2020-07-07 10:19:01 +10:00
has_custom_fields.rb
FIX: Nil-filled CF arrays were not being deleted (#13518)
2021-06-25 11:34:51 +02:00
has_destroyed_web_hook.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
has_sanitizable_fields.rb
DEV: Sanitize HTML admin inputs (#14681)
2021-10-27 11:33:07 -03:00
has_search_data.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
has_url.rb
DEV: Make site setting type uploaded_image_list use upload IDs (#10401)
2020-10-13 16:17:06 +03:00
limited_edit.rb
REFACTOR: Edit title respects min trust to edit post
2020-02-05 10:36:24 -07:00
positionable.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
roleable.rb
FEATURE: set notification levels when added to a group (#10378)
2020-08-06 12:27:27 -04:00
searchable.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
second_factor_manager.rb
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)
2021-02-08 10:04:33 +00:00
stats_cacheable.rb
DEV: s/\$redis/Discourse\.redis (#8431)
2019-12-03 10:05:53 +01:00
topic_tracking_state_publishable.rb
FEATURE: Publish read topic tracking events for private messages. (#14274)
2021-09-09 09:16:53 +08:00
trashable.rb
DEV: Remove with_deleted workarounds for old Rails version (#11550)
2020-12-22 10:38:59 +11:00