discourse/lib/site_settings
Roman Rizzi 5e4c0e2caa
FEATURE: Treat site settings as plain text and add a new HTML type. (#12618)
To add an extra layer of security, we sanitize settings before shipping them to the client. We don't sanitize those that have the "html" type.

The CookedPostProcessor already uses Loofah for sanitization, so I chose to also use it for this. I added it to our gemfile since we installed it as a transitive dependency.
2021-04-07 12:51:19 -03:00
..
db_provider.rb FIX: site settings loading default values when no db 2019-06-14 14:21:07 +10:00
defaults_provider.rb FEATURE: Add English (UK) as locale (#11768) 2021-01-20 21:32:22 +01:00
deprecated_settings.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
local_process_provider.rb FIX: SiteSettings::LocalProcessProvider didn't work on multisite 2020-08-20 11:15:20 +02:00
type_supervisor.rb FEATURE: Treat site settings as plain text and add a new HTML type. (#12618) 2021-04-07 12:51:19 -03:00
validations.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
yaml_loader.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00