discourse/app
Martin Brennan fa6b87a1bf
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)

When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:43:03 +10:00
assets SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) 2021-11-22 10:43:03 +10:00
controllers DEV: Extract shared external upload routes into controller helper (#14984) 2021-11-18 09:17:23 +10:00
helpers DEV: Allow actions to change the manifest endpoint (#14522) 2021-10-06 15:41:52 -05:00
jobs FIX: Drop malformed CC addresses in GroupSmtpEmail job (#14934) 2021-11-16 08:15:11 +10:00
mailers FIX: Do not show recipient user in email participants list (#14642) 2021-10-19 15:26:22 +10:00
models PERF: Reduce records queried in UserStat.update_first_unread_pm. (#15016) 2021-11-19 15:30:39 +11:00
serializers FIX: rename action_code_href to action_code_path (#14834) 2021-11-08 14:32:17 +11:00
services FIX: Cache all watched words (#14992) 2021-11-17 18:59:44 +02:00
views PERF: Move preload hints to the <head> (#15008) 2021-11-18 18:02:16 +00:00