discourse/app
Martin Brennan 3f7658cc6e
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use element that
  are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:54:45 +10:00
assets FIX: Support root paths that omit the trailing slash and have QPs 2020-07-02 15:13:44 -04:00
controllers SECURITY: Add content-disposition: attachment for SVG uploads 2020-07-09 13:54:45 +10:00
helpers New bootstrap.json endpoint for starting up Discourse 2020-06-03 14:45:23 -04:00
jobs DEV: improve verbose mode for reindexer 2020-06-24 17:29:45 +10:00
mailers FIX: Use correct URL for unsubscribe (#10077) 2020-06-24 09:31:20 +02:00
models FIX: uploading an existing image as a site setting 2020-07-03 19:19:14 +02:00
serializers FIX: uploading an image as a site setting 2020-07-03 14:59:15 +02:00
services FIX: update theme fields when updating from ThemesInstallTask (#10143) 2020-07-02 15:12:15 -04:00
views FIX: Search was not multisite aware 2020-07-02 15:13:32 -04:00