github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 03:09:00 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
2fc8e923b6
discourse/lib/validators
History
Roman Rizzi 5ee31cbf7d
FIX: Mark invites flash messages as HTML safe. (#15539) 
* FIX: Mark invites flash messages as HTML safe.
This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client.

Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220

* If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend.

* Escape user input instead of sanitizing
2022-01-18 09:38:31 -03:00
..
allow_user_locale_enabled_validator.rb
allowed_ip_address_validator.rb
alternative_reply_by_email_addresses_validator.rb
categories_topics_validator.rb
category_search_priority_weights_validator.rb
censored_words_validator.rb
color_list_validator.rb
css_color_validator.rb FIX: Validate email_accent_bg_color color (#13778) 2021-07-22 17:42:47 +03:00
email_setting_validator.rb
email_validator.rb FIX: Mark invites flash messages as HTML safe. (#15539) 2022-01-18 09:38:31 -03:00
enable_invite_only_validator.rb
enable_local_logins_via_email_validator.rb
enable_private_email_messages_validator.rb
enable_sso_validator.rb
external_system_avatars_validator.rb
google_oauth2_hd_groups_validator.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
group_setting_validator.rb
integer_setting_validator.rb
ip_address_format_validator.rb
markdown_typographer_quotation_marks_validator.rb
max_emojis_validator.rb
max_username_length_validator.rb
min_username_length_validator.rb
not_username_validator.rb FEATURE: Mention @here to notify users in topic (#14900) 2021-11-23 22:25:54 +02:00
password_validator.rb
pop3_polling_enabled_setting_validator.rb DEV: Use EmailSettingsValidator in more places (#15404) 2022-01-04 08:30:48 +10:00
post_validator.rb FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
quality_title_validator.rb
regex_presence_validator.rb
regex_setting_validation.rb
regex_setting_validator.rb
reply_by_email_address_validator.rb
reply_by_email_enabled_validator.rb
selectable_avatars_enabled_validator.rb
sso_overrides_email_validator.rb
string_setting_validator.rb
stripped_length_validator.rb FIX: post merging was failing silently (#12566) 2021-04-01 06:46:18 +05:30
timezone_validator.rb
topic_title_length_validator.rb
unicode_username_allowlist_validator.rb
unicode_username_validator.rb
unique_among_validator.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
upload_validator.rb FEATURE: Humanize file size error messages (#14398) 2021-09-22 07:59:45 +10:00
url_validator.rb
user_full_name_validator.rb
username_setting_validator.rb
watched_words_validator.rb SECURITY: Escape watched word in error message (#14434) 2021-09-24 11:55:15 +03:00