discourse

mirror of https://github.com/discourse/discourse.git synced 2024-11-25 09:42:07 +08:00

History

Vinoth Kannan ded6ea66a5 FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714 ) This commit prevents unallowed URLs in iframe src by adding a relative path like `https://bob.com/abc/def/../ghi`. Currently, the iframe linking to the site uses the current_user, not the post's author, so users who have no access to a certain path are not able to view anything they shouldn't.		2023-05-24 16:14:18 +05:30
..
addon	FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714 )	2023-05-24 16:14:18 +05:30
app	DEV: Move pretty-text into an ember-addon format (#9689 )	2020-05-07 12:37:47 -04:00
config	DEV: Update ember-cli to 4.12.0 (#21074 )	2023-04-19 12:58:29 +02:00
engines/discourse-markdown	FIX: Do not cook icon with hashtags (#21676 )	2023-05-23 09:33:55 +02:00
.npmrc	DEV: Prevent npm usage (#13945 )	2021-08-04 22:04:58 +02:00
ember-cli-build.js	DEV: Update ember-cli to 4.12.0 (#21074 )	2023-04-19 12:58:29 +02:00
index.js	REFACTOR: Support bundling our `admin` section as an ember addon	2020-09-22 15:14:29 -04:00
jsconfig.json	DEV: Add `discourse/tests` to jsconfig (#19031 )	2022-11-15 11:33:56 +00:00
package.json	Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts (#21650 )	2023-05-19 09:14:26 +02:00