github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-25 18:23:43 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
4a0f73a337
discourse/lib/stylesheet
History
David Taylor 6e9bb84d12
FIX: Ensure theme names are escaped in HTML attributes (#15272) 
If a theme name contained a double-quote, this problem could lead to invalid/unexpected HTML in the `<head>`

Note that this is not considered a security issue because themes can only be installed/named by administrators, and themes/administrators already have the ability to run arbitrary javascript.
2021-12-13 10:50:09 +00:00
..
manager DEV: Compile core and plugin stylesheets independently of themes (#13638) 2021-07-06 13:11:10 -04:00
compiler.rb DEV: Compile core and plugin stylesheets independently of themes (#13638) 2021-07-06 13:11:10 -04:00
functions.rb DEV: Let's always give a drop_from param to deprecate (#14901) 2021-11-12 08:52:59 -06:00
importer.rb DEV: Change method used to reference custom font assets (#13446) 2021-06-21 09:33:12 -04:00
manager.rb FIX: Ensure theme names are escaped in HTML attributes (#15272) 2021-12-13 10:50:09 +00:00
watcher.rb DEV: Watch for changes in wizard.scss (#14119) 2021-08-23 13:39:53 -04:00