IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 09:26:54 -06:00
Code Issues Packages Projects Releases Wiki Activity
43,216 Commits 211 Branches 500 Tags 879 MiB
df3eb93973
Commit Graph

3 Commits

Author SHA1 Message Date
Roman Rizzi
df3eb93973
DEV: Sanitize HTML admin inputs (#14681) 
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
 2021-10-27 11:33:07 -03:00
Sam Saffron
4ea21fa2d0 DEV: use #frozen_string_literal: true on all spec 
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.

Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
 2019-04-30 10:27:42 +10:00
Maja Komel
65f3ed0689 UX: make name optional for confirmation user field (#7149) 2019-03-13 18:40:43 +01:00