discourse/spec
Penar Musaraj 7468b78885
SECURITY: strip xlink:href from uploaded SVGs (#21058)
This was inadvertently removed in 4c46c7e. In very specific scenarios,
this could be used to execute arbitrary JavaScript.

Only affects instances where SVGs are allowed as uploads and CDN is not
configured.
2023-04-11 14:15:41 -04:00
fabricators DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
fixtures DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
helpers DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
import_export DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
initializers DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
integration FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) 2023-01-25 13:48:49 +02:00
integrity FIX: Fix incorrect hashtag setting migration (#19857) 2023-01-25 13:48:49 +02:00
jobs DEV: Fix threading error when running jobs immediately in system tests (#19811) 2023-01-10 13:41:25 +08:00
lib SECURITY: strip xlink:href from uploaded SVGs (#21058) 2023-04-11 14:15:41 -04:00
mailers DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
models SECURITY: Remove bypass for base_url 2023-01-25 13:53:22 +02:00
multisite DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
requests SECURITY: Limit URL length for theme remote (stable) (#20788) 2023-03-23 12:07:02 +00:00
script/import_scripts DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
serializers SECURITY: Default tags to show count of topics in unrestricted categories (#19929) 2023-01-20 11:59:37 +08:00
services SECURITY: Add FinalDestination::FastImage that's SSRF safe 2023-03-16 16:25:48 -06:00
support DEV: Introduce stub_ip_lookup spec helper (#20571) 2023-03-09 08:46:41 +08:00
system FIX: Failing system spec for rate limited search (#20046) 2023-02-01 19:05:58 -08:00
tasks DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
views DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
rails_helper.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00