github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-21 00:48:10 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/spec
History
Vinoth Kannan ded6ea66a5
FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714) 
This commit prevents unallowed URLs in iframe src by adding a relative path like `https://bob.com/abc/def/../ghi`. Currently, the iframe linking to the site uses the current_user, not the post's author, so users who have no access to a certain path are not able to view anything they shouldn't.
2023-05-24 16:14:18 +05:30
..
fabricators
FIX: Fix for Default to subcategory when parent category does not allow posting (#21537)
2023-05-19 07:37:23 -05:00
fixtures
FIX: improve mailman email parsing (#21627)
2023-05-19 10:33:48 +02:00
helpers
DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893)
2023-02-13 12:39:45 +08:00
import_export
DEV: Apply syntax_tree formatting to spec/*
2023-01-09 11:49:28 +00:00
initializers
FEATURE: Add support for user badge revocation webhook events (#21204)
2023-04-24 20:36:40 +00:00
integration
FIX: Handle all UTF-8 characters (#21344)
2023-05-15 12:45:04 +03:00
integrity
DEV: Colocate wizard component templates (#20309)
2023-02-15 11:29:22 +00:00
jobs
FIX: consider users.created_at for inactive cleanup (#21688)
2023-05-23 13:41:23 +05:30
lib
FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714)
2023-05-24 16:14:18 +05:30
mailers
FIX: Likes received count in digest email (#21458)
2023-05-09 19:19:26 +02:00
models
DEV: Bump the limits on group request text fields
2023-05-24 09:57:46 +02:00
multisite
DEV: Add plugin hook for transforming site setting defaults (#20941)
2023-04-05 12:28:16 +01:00
requests
DEV: Bump the limits on group request text fields
2023-05-24 09:57:46 +02:00
script/import_scripts
DEV: Correct syntax_tree violations
2023-02-02 13:03:11 +00:00
serializers
DEV: Remove legacy user menu (#21308)
2023-05-17 09:16:42 -07:00
services
FIX: Do not cook icon with hashtags (#21676)
2023-05-23 09:33:55 +02:00
support
DEV: various improvements to devex on chat (#21612)
2023-05-17 17:49:52 +02:00
system
FIX: allow published pages to be added to sidebar (#21687)
2023-05-24 08:59:19 +10:00
tasks
DEV: Capture output in hashtags spec (#20773)
2023-03-23 11:47:14 +10:00
views
FEATURE: add category name in articleSection meta tag for schema. (#21004)
2023-04-06 23:30:19 +05:30
rails_helper.rb
DEV: Add a per-spec timeout (#21648)
2023-05-19 12:08:48 +02:00
regenerate_swagger_docs
DEV: Add API docs for uploads and API doc watcher (#15387)
2021-12-23 08:40:15 +10:00
swagger_helper.rb
DEV: Apply syntax_tree formatting to spec/*
2023-01-09 11:49:28 +00:00