IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""

Browse Source 
This reverts commit 20780a1eee.

* SECURITY: re-adds accidentally reverted commit:
  03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
  instead of the 03d26cd6 parent (which contains security fixes)
This commit is contained in:
Michael Brown
2020-05-23 00:56:13 -04:00
parent 20780a1eee
commit d9a02d1336
236 changed files with 1031 additions and 715 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/topic_embed.rb
View File

@@ -109,6 +109,8 @@ class TopicEmbed < ActiveRecord::Base
url = UrlHelper.escape_uri(url)
original_uri = URI.parse(url)
raise URI::InvalidURIError unless original_uri.is_a?(URI::HTTP)
opts = {
tags: %w[div p code pre h1 h2 h3 b em i strong a img ul li ol blockquote],
attributes: %w[href src class],