github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-21 15:13:41 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/app/assets/javascripts
History
Roman Rizzi 5ee31cbf7d
FIX: Mark invites flash messages as HTML safe. (#15539) 
* FIX: Mark invites flash messages as HTML safe.
This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client.

Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220

* If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend.

* Escape user input instead of sanitizing
2022-01-18 09:38:31 -03:00
..
admin
FIX: Improve emoji upload UI (#15603)
2022-01-17 11:48:49 +10:00
confirm-new-email
discourse
FIX: Mark invites flash messages as HTML safe. (#15539)
2022-01-18 09:38:31 -03:00
discourse-common
DEV: Support for running theme test with Ember CLI (third attempt)
2022-01-13 16:02:07 -05:00
discourse-hbr
DEV: Re-allow node 17, with a warning (#15083)
2021-11-24 21:16:33 +01:00
discourse-widget-hbs
DEV: Re-allow node 17, with a warning (#15083)
2021-11-24 21:16:33 +01:00
docs
ember-addons
locales
DEV: Add count to missing translation strings (#15509)
2022-01-09 23:10:32 +01:00
pretty-text
FEATURE: Add missing emojis (#15582)
2022-01-14 17:51:13 -03:00
select-kit
FIX: correctly uses the name helper for selected content (#15610)
2022-01-17 12:18:43 +01:00
truth-helpers
DEV: Re-allow node 17, with a warning (#15083)
2021-11-24 21:16:33 +01:00
wizard
DEV: Refactor animation for invalid inputs in wizard (#15334)
2021-12-16 17:17:36 -05:00
.npmrc
activate-account.js
admin.js.erb
app-boot.js
application.js
DEV: Make screen-track a regular service (#14983)
2021-11-17 20:56:06 +01:00
auto-redirect.js
browser-detect.js
FIX: Feature detect globalThis (#14410)
2021-09-22 11:39:41 -03:00
browser-update.js
discourse-loader.js
Revert "A11Y: Improve create account modal for screen readers (#14204)" (#14233)
2021-09-03 09:42:56 +10:00
discourse-shims.js
FEATURE: Local chunked uppy backup uploads with a new uploader plugin (#14894)
2021-11-23 08:45:42 +10:00
embed-application.js
ember_include.js.erb
DEV: Support for running theme test with Ember CLI (third attempt)
2022-01-13 16:02:07 -05:00
ember_jquery.js
env.js
google-tag-manager.js
google-universal-analytics-v3.js
google-universal-analytics-v4.js
handlebars-shim.js
main_include_admin.js
DEV: Remove old backup uploader and resumable.js (#15365)
2021-12-21 15:02:10 +10:00
markdown-it-bundle.js
onpopstate-handler.js
package.json
polyfills.js
DEV: Remove iOS 9.3 polyfills (#15343)
2021-12-17 02:47:13 +01:00
pretty-text-bundle.js
print-page.js
service-worker.js.erb
FIX: Add /session/sso service-worker workaround for chrome 97 (#15630)
2022-01-18 11:27:01 +00:00
set-prototype-polyfill.js
start-discourse.js
DEV: Avoid using globals (#14909)
2021-11-13 13:10:13 +01:00
template_include.js
test-shims.js
vendor-common.js
DEV: Support for running theme test with Ember CLI (third attempt)
2022-01-13 16:02:07 -05:00
vendor-theme-tests.js
DEV: Support for running theme test with Ember CLI (third attempt)
2022-01-13 16:02:07 -05:00
vendor.js
DEV: Support for running theme test with Ember CLI (third attempt)
2022-01-13 16:02:07 -05:00
widget-runtime.js
wizard-application.js
wizard-shims.js
DEV: Use Uppy in wizard-field-image uploads (#15269)
2021-12-13 15:23:44 +10:00
wizard-start.js
wizard-vendor.js
DEV: Drop jQuery file uploader and old upload components (#15376)
2021-12-22 08:59:44 +10:00
yarn.lock
DEV: Support for running theme test with Ember CLI (third attempt)
2022-01-13 16:02:07 -05:00