discourse/app/assets/javascripts
Roman Rizzi 5ee31cbf7d
FIX: Mark invites flash messages as HTML safe. (#15539)
* FIX: Mark invites flash messages as HTML safe.
This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client.

Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220

* If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend.

* Escape user input instead of sanitizing
2022-01-18 09:38:31 -03:00
admin FIX: Improve emoji upload UI (#15603) 2022-01-17 11:48:49 +10:00
confirm-new-email
discourse FIX: Mark invites flash messages as HTML safe. (#15539) 2022-01-18 09:38:31 -03:00
discourse-common DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
discourse-hbr DEV: Re-allow node 17, with a warning (#15083) 2021-11-24 21:16:33 +01:00
discourse-widget-hbs DEV: Re-allow node 17, with a warning (#15083) 2021-11-24 21:16:33 +01:00
docs
ember-addons
locales DEV: Add count to missing translation strings (#15509) 2022-01-09 23:10:32 +01:00
pretty-text FEATURE: Add missing emojis (#15582) 2022-01-14 17:51:13 -03:00
select-kit FIX: correctly uses the name helper for selected content (#15610) 2022-01-17 12:18:43 +01:00
truth-helpers DEV: Re-allow node 17, with a warning (#15083) 2021-11-24 21:16:33 +01:00
wizard DEV: Refactor animation for invalid inputs in wizard (#15334) 2021-12-16 17:17:36 -05:00
.npmrc DEV: Prevent npm usage (#13945) 2021-08-04 22:04:58 +02:00
activate-account.js
admin.js.erb
app-boot.js
application.js DEV: Make screen-track a regular service (#14983) 2021-11-17 20:56:06 +01:00
auto-redirect.js
browser-detect.js FIX: Feature detect globalThis (#14410) 2021-09-22 11:39:41 -03:00
browser-update.js
discourse-loader.js Revert "A11Y: Improve create account modal for screen readers (#14204)" (#14233) 2021-09-03 09:42:56 +10:00
discourse-shims.js FEATURE: Local chunked uppy backup uploads with a new uploader plugin (#14894) 2021-11-23 08:45:42 +10:00
embed-application.js
ember_include.js.erb DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
ember_jquery.js
env.js
google-tag-manager.js
google-universal-analytics-v3.js
google-universal-analytics-v4.js
handlebars-shim.js
main_include_admin.js DEV: Remove old backup uploader and resumable.js (#15365) 2021-12-21 15:02:10 +10:00
markdown-it-bundle.js
onpopstate-handler.js
package.json
polyfills.js DEV: Remove iOS 9.3 polyfills (#15343) 2021-12-17 02:47:13 +01:00
pretty-text-bundle.js
print-page.js
service-worker.js.erb FIX: Add /session/sso service-worker workaround for chrome 97 (#15630) 2022-01-18 11:27:01 +00:00
set-prototype-polyfill.js
start-discourse.js DEV: Avoid using globals (#14909) 2021-11-13 13:10:13 +01:00
template_include.js
test-shims.js
vendor-common.js DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
vendor-theme-tests.js DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
vendor.js DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
widget-runtime.js
wizard-application.js
wizard-shims.js DEV: Use Uppy in wizard-field-image uploads (#15269) 2021-12-13 15:23:44 +10:00
wizard-start.js
wizard-vendor.js DEV: Drop jQuery file uploader and old upload components (#15376) 2021-12-22 08:59:44 +10:00
yarn.lock DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00