discourse/app
Martin Brennan 715d4de981
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)
When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:46:07 +10:00
..
assets SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) 2021-11-22 10:46:07 +10:00
controllers FIX: Make autotag watched words case insensitive (#13043) 2021-05-14 16:52:10 +03:00
helpers FIX: Allow file-change events soon after reloading (#13065) 2021-05-14 12:36:53 -04:00
jobs SECURITY: Improve validation of SNS subscription confirm (#14672) 2021-10-20 22:20:35 +01:00
mailers FEATURE: Auto-activate users invited by email (#12675) 2021-04-14 12:15:56 +03:00
models SECURITY: User's read state for topic is leaked to unauthorized clients. 2021-08-12 12:44:39 +08:00
serializers SECURITY: XSS in bookmarks list (#13311) 2021-06-07 16:59:12 +02:00
services FIX: Make replace watched words work with wildcard (#13084) 2021-05-18 12:09:47 +03:00
views DEV: Minor changes to /theme-qunit landing page (#13032) 2021-05-11 10:45:07 -04:00
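
The replacement described in the commit message above, as an added example (not Discourse's own code): each of the nine listed characters found inside a `<code>` element becomes a span showing its code point, with a title attribute saying why. The class name `bidi-warning`, the title wording and the function names are assumptions.

```javascript
// Added example; class name, title text and function names are assumptions,
// not taken from the Discourse code base.
const BIDI_NAMES = {
  "\u202A": "LEFT-TO-RIGHT EMBEDDING",
  "\u202B": "RIGHT-TO-LEFT EMBEDDING",
  "\u202C": "POP DIRECTIONAL FORMATTING",
  "\u202D": "LEFT-TO-RIGHT OVERRIDE",
  "\u202E": "RIGHT-TO-LEFT OVERRIDE",
  "\u2066": "LEFT-TO-RIGHT ISOLATE",
  "\u2067": "RIGHT-TO-LEFT ISOLATE",
  "\u2068": "FIRST STRONG ISOLATE",
  "\u2069": "POP DIRECTIONAL ISOLATE",
};
// Exactly the nine code points listed in the commit message.
const BIDI_RE = /[\u202A-\u202E\u2066-\u2069]/g;

// Textual form of a code point, e.g. "U+202E".
function codePointLabel(ch) {
  return "U+" + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
}

// Replace each bidi control with a visible, HTML-safe marker span.
function markBidi(text) {
  return text.replace(BIDI_RE, (ch) => {
    const label = codePointLabel(ch);
    const title = `Bidirectional control character ${label} (${BIDI_NAMES[ch]}) replaced; it can change the displayed order of code`;
    return `<span class="bidi-warning" title="${title}">&lt;${label}&gt;</span>`;
  });
}

// Apply markBidi only inside <code>...</code> of already-rendered HTML.
// Simplification: a regex locates the code elements instead of a DOM parser.
function highlightBidiInCodeBlocks(html) {
  return html.replace(
    /(<code\b[^>]*>)([\s\S]*?)(<\/code>)/g,
    (_, open, body, close) => open + markBidi(body) + close
  );
}

// Constructed sample: a paragraph and a code block, each containing U+202E.
const sample =
  "<p>a\u202Eb</p><pre><code>x = 1 \u202E// y\u2066</code></pre>";
console.log(highlightBidiInCodeBlocks(sample));
```

Text outside `<code>` is left untouched here, matching the commit's stated scope of code blocks.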