github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-11-28 03:33:37 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
2acef3c2ec
BookStack/app/Http
History
Dan Brown 349162ea13
Prevented possible XSS via link attachments 
This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
..
Controllers Prevented possible XSS via link attachments 2020-10-31 15:01:52 +00:00
Middleware Updated locale lists for Bulgarian 2020-09-19 15:36:17 +01:00
Requests Change application namespace to BookStack 2015-09-10 19:31:09 +01:00
Kernel.php Removed throttling from web-end requests 2020-04-11 20:02:07 +01:00
Request.php Ran phpcbf and updated helpers typehinting 2019-09-15 18:29:51 +01:00