discourse

github-mirror/discourse

Fork 0

mirror of https://github.com/discourse/discourse.git synced 2024-11-29 01:54:12 +08:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
David Taylor	5a003715d3	DEV: Apply syntax_tree formatting to `app/*`	2023-01-09 14:14:59 +00:00
Roman Rizzi	7b5f7b4484	FIX: Don't change the default allowed_attribute when calling #sanitize_field (#19770 )	2023-01-06 11:47:15 -03:00
Roman Rizzi	df3eb93973	DEV: Sanitize HTML admin inputs (#14681 ) * DEV: Sanitize HTML admin inputs This PR adds on-save HTML sanitization for: Client site settings translation overrides badges descriptions user fields descriptions I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](`018cf54073/lib/rails/html/sanitizer.rb (L108)`) * Make sure that the sanitization logic doesn't corrupt settings with special characters	2021-10-27 11:33:07 -03:00

David Taylor

5a003715d3

DEV: Apply syntax_tree formatting to app/*

2023-01-09 14:14:59 +00:00

Roman Rizzi

7b5f7b4484

FIX: Don't change the default allowed_attribute when calling #sanitize_field (#19770 )

2023-01-06 11:47:15 -03:00

Roman Rizzi

df3eb93973

DEV: Sanitize HTML admin inputs (#14681 )

* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters

2021-10-27 11:33:07 -03:00

3 Commits