| Author | Commit | Message | Date |
|---|---|---|---|
| Robin Ward | c1d321369b | We don't need to allow `track` and `meter` | 2015-09-18 15:37:56 -04:00 |
| Sam | fbbd4999b6 | FIX: remove invalid hack, correct whitelist to use value returned from callback | 2014-07-25 12:16:00 +10:00 |
| Robin Ward | 43b997c1ce | TRIVIAL: Sanitize some extra attributes from images | 2014-07-04 13:22:48 -04:00 |
| Robin Ward | fc1ce96dbb | FIX: Change the approach to sanitization. Includes a more detailed API for allowing classes and attributes for only certain tag names. | 2014-07-03 16:55:36 -04:00 |
| Robin Ward | a7ad7f6a45 | Remove some obscure HTML tags from sanitization | 2014-06-24 11:03:45 -04:00 |
| Robin Ward | a57ecef253 | BUGFIX: Do not allow `font` tags. | 2014-02-20 11:10:56 -05:00 |
| Kane York | 9f8f0f115c | Restore 'article' to whitelist | 2014-02-18 16:22:42 -08:00 |
| Kane York | 2e864f5ad7 | Remove audio and video tags as well | 2014-02-13 21:47:13 -08:00 |
| Kane York | 5b819f191a | Removing more stuff from the sanitizer whitelist | 2014-02-13 20:18:40 -08:00 |
| Robin Ward | af5254d3b4 | FIX: Remove `canvas` tag. | 2014-02-05 12:22:36 -05:00 |
| Robin Ward | 8adb08a9ca | FIX: Don't allow `<button>` in posts either. | 2014-02-04 16:29:00 -05:00 |
| Robin Ward | abffcd9f94 | FIX: Blacklist `<textarea>` | 2014-02-04 12:48:33 -05:00 |
| Robin Ward | b90e811825 | FIX: We don't need support for `rows` or `cols` in `textarea`. | 2013-12-23 18:11:35 -05:00 |
| Régis Hanol | 06dd7ffe3c | better revision history | 2013-12-12 03:41:34 +01:00 |
| Robin Ward | 0ece195723 | Blacklist `<center>` | 2013-12-04 11:43:20 -05:00 |
| Régis Hanol | 9b6538832d | whitelist google.com/maps iframes | 2013-11-29 18:08:53 +01:00 |
| Robin Ward | d9a16079a5 | FIX: Do not allow users to create tables | 2013-10-21 13:32:15 -04:00 |
| Robin Ward | 5281b7f80c | Upgraded and refactored Sanitizing. Much less crap should get through now! Conflicts: app/assets/javascripts/discourse/components/syntax_highlighting.js | 2013-10-15 10:53:11 -04:00 |
| Robin Ward | af931f0444 | Reverting the Sanitizer commit in case we have to do something urgent before we deploy it early next week. It's in the branch `sanitizer` for now. This reverts commit 9e93d8ed52. | 2013-10-11 16:44:26 -04:00 |
| Robin Ward | 9e93d8ed52 | Upgraded and refactored Sanitizing. Much less crap should get through now! Conflicts: app/assets/javascripts/discourse/components/syntax_highlighting.js | 2013-10-11 16:25:40 -04:00 |
| Régis Hanol | ede9d2a0a8 | show diff in post history view | 2013-04-29 03:20:51 +02:00 |
| Robin Ward | 88267429c5 | Remove fastclick for now -- we saw some regressions on iPad and want to make sure they weren't caused by it. | 2013-02-26 10:47:23 -05:00 |
| Gosha Arinich | cafc75b238 | remove trailing whitespaces ❤️ | 2013-02-26 07:31:35 +03:00 |
| Sam Saffron | b9f3666f5a | fast click instead of hacky double event binding | 2013-02-25 11:11:46 +11:00 |
| Robin Ward | f661fa609e | Convert all CoffeeScript to Javascript. See: http://meta.discourse.org/t/is-it-better-for-discourse-to-use-javascript-or-coffeescript/3153 | 2013-02-20 19:01:13 -05:00 |
| Sam Saffron | 0c085059c9 | added sane sanitizer (Google Cajole) that is much more robust than old one ... yay for smilies; added sane way to do $LAB includes - pattern to be expanded; people keep on messing structure.sql | 2013-02-20 16:11:56 +11:00 |