discourse/app
Martin Brennan 31e31ef449
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use element that
  are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
assets UI: Markdown Code Wrapping (#10195) 2020-07-08 20:50:42 -04:00
controllers SECURITY: Add content-disposition: attachment for SVG uploads 2020-07-09 13:31:48 +10:00
helpers New bootstrap.json endpoint for starting up Discourse 2020-06-03 14:45:23 -04:00
jobs FIX: Do not send system emails to suspended users (#10192) 2020-07-08 13:30:32 -04:00
mailers FIX: Use correct URL for unsubscribe (#10077) 2020-06-24 09:31:20 +02:00
models Revert "FIX: Delete related search data when record has been deleted." 2020-07-09 10:08:35 +08:00
serializers FIX: Disable security keys at same time as TOTP 2FA (#10144) 2020-07-07 12:19:30 -07:00
services FEATURE: Parse images in email signatures (#10137) 2020-07-08 15:50:30 +10:00
views UX: Add Login button on 403 error page if user is not logged in (#10154) 2020-07-01 18:27:42 +03:00