discourse/spec
Penar Musaraj 0ab3ba5f0d
SECURITY: strip xlink:href from uploaded SVGs (#21057)
This was inadvertently removed in 4c46c7e. In very specific scenarios,
this could be used to execute arbitrary JavaScript.

Only affects instances where SVGs are allowed as uploads and CDN is not
configured.
2023-04-11 14:10:44 -04:00
..
fabricators DEV: Define form template field inputs (#20430) 2023-03-01 11:07:13 -08:00
fixtures DEV: Allow DROP NOT NULL in pre-deploy migrations (#20775) 2023-03-22 14:43:32 +00:00
helpers DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
import_export DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
initializers DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
integration DEV: Update the rubocop setup (#20668) 2023-03-14 11:42:11 +01:00
integrity DEV: Colocate wizard component templates (#20309) 2023-02-15 11:29:22 +00:00
jobs FIX: Do not validate email in TL promotion (#20892) 2023-03-30 13:52:10 +10:00
lib SECURITY: strip xlink:href from uploaded SVGs (#21057) 2023-04-11 14:10:44 -04:00
mailers DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
models FEATURE: Persist password hashing algorithm/params in database (#20980) 2023-04-11 10:16:28 +01:00
multisite DEV: Add plugin hook for transforming site setting defaults (#20941) 2023-04-05 12:28:16 +01:00
requests DEV: Support in:<notification level> filter on /filter route (#21038) 2023-04-11 08:48:07 +08:00
script/import_scripts DEV: Correct syntax_tree violations 2023-02-02 13:03:11 +00:00
serializers FEATURE: public custom sidebar sections visible to anonymous (#20931) 2023-04-06 08:55:47 +10:00
services DEV: Fix random typos (#20937) 2023-04-03 19:27:32 +02:00
support DEV: Introduces a wait_for_animation system spec helper (#20573) 2023-03-08 16:49:20 +01:00
system FEATURE: public custom sidebar sections visible to anonymous (#20931) 2023-04-06 08:55:47 +10:00
tasks DEV: Capture output in hashtags spec (#20773) 2023-03-23 11:47:14 +10:00
views FEATURE: add category name in articleSection meta tag for schema. (#21004) 2023-04-06 23:30:19 +05:30
rails_helper.rb DEV: Change Bookmarkable registration to DiscoursePluginRegistry (#20556) 2023-03-08 10:39:12 +10:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00