discourse/spec
Roman Rizzi 5ee31cbf7d
FIX: Mark invites flash messages as HTML safe. (#15539)
* FIX: Mark invites flash messages as HTML safe.
This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client.

Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220

* If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend.

* Escape user input instead of sanitizing
2022-01-18 09:38:31 -03:00
..
components DEV: Fix failing test. 2022-01-11 11:45:22 +08:00
fabricators DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
fixtures FIX: Broken GitHub folder onebox logic (#15612) 2022-01-17 18:32:07 +01:00
helpers PERF: Redis snapshotting during tests (#15260) 2021-12-10 14:25:26 -06:00
import_export FEATURE: Rake task to export groups (#9450) 2020-04-17 14:59:54 -07:00
initializers FEATURE: A low priority filter for the review queue. (#12822) 2021-04-23 15:34:24 -03:00
integration FIX: Make thumbnail tests start with a clean slate (#15216) 2021-12-07 13:07:45 -06:00
integrity DEV: Fix a flaky Onceoff spec (#13314) 2021-06-07 20:38:31 +02:00
jobs FIX: Don't allow NULL values for notification_level in category_users (#15407) 2021-12-29 09:19:39 +11:00
lib FIX: origins_to_regexes should always return an array (#15589) 2022-01-17 12:48:41 -05:00
mailers DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
models FIX: Mark invites flash messages as HTML safe. (#15539) 2022-01-18 09:38:31 -03:00
multisite FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
requests FEATURE: Export topics to markdown (#15615) 2022-01-17 18:05:14 -03:00
script/import_scripts DEV: If disabled do not change setting after import (#12142) 2021-02-19 09:33:35 -07:00
serializers UX: change text of public_topic action code in login required sites. (#14764) 2022-01-11 11:35:16 +05:30
services DEV: Deprecate OAuth2Authenticator and OAuth2UserInfo (#15427) 2022-01-06 16:50:18 +00:00
support DEV: Fix git deprecation warnings in specs (#15503) 2022-01-09 20:26:19 +01:00
tasks DEV: Clean up old bookmark code (#15455) 2022-01-05 10:02:02 +10:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb DEV: Avoid $ globals (#15453) 2022-01-08 23:39:46 +01:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00