discourse/lib/file_store
Martin Brennan 3f7658cc6e
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use elements that
  are _not_ anchors in SVGs, which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  SVGs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:54:45 +10:00
base_store.rb FIX: Improvements and fixes to the image downsizing script (#9950) 2020-06-11 14:47:59 +02:00
local_store.rb REFACTOR: Restoring of backups and migration of uploads to S3 2020-01-14 11:41:35 +01:00
s3_store.rb SECURITY: Add content-disposition: attachment for SVG uploads 2020-07-09 13:54:45 +10:00
to_s3_migration.rb SECURITY: Add content-disposition: attachment for SVG uploads 2020-07-09 13:54:45 +10:00