Commit Graph

26 Commits

Author SHA1 Message Date
Robin Ward c1d321369b We don't need to allow `track` and `meter` 2015-09-18 15:37:56 -04:00
Sam fbbd4999b6 FIX: remove invalid hack, correct whitelist to use value returned from callback 2014-07-25 12:16:00 +10:00
Robin Ward 43b997c1ce TRIVIAL: Santiize some extra attributes from images 2014-07-04 13:22:48 -04:00
Robin Ward fc1ce96dbb FIX: Change the approach to sanitization. Includes a more detailed API
for allowing classes and attributes for only certain tag names.
2014-07-03 16:55:36 -04:00
Robin Ward a7ad7f6a45 Remove some obscure HTML tags from sanitization 2014-06-24 11:03:45 -04:00
Robin Ward a57ecef253 BUGFIX: Do not allow `font` tags. 2014-02-20 11:10:56 -05:00
Kane York 9f8f0f115c Restore 'article' to whitelist 2014-02-18 16:22:42 -08:00
Kane York 2e864f5ad7 Remove audio and video tags as well 2014-02-13 21:47:13 -08:00
Kane York 5b819f191a Removing more stuff from the sanitizer whitelist 2014-02-13 20:18:40 -08:00
Robin Ward af5254d3b4 FIX: Remove `canvas` tag. 2014-02-05 12:22:36 -05:00
Robin Ward 8adb08a9ca FIX: Don't allow `<button>` in posts either. 2014-02-04 16:29:00 -05:00
Robin Ward abffcd9f94 FIX: Blacklist `<textarea>` 2014-02-04 12:48:33 -05:00
Robin Ward b90e811825 FIX: We don't need support for `rows` or `cols` in `textarea`. 2013-12-23 18:11:35 -05:00
Régis Hanol 06dd7ffe3c better revision history 2013-12-12 03:41:34 +01:00
Robin Ward 0ece195723 Blacklist <center> 2013-12-04 11:43:20 -05:00
Régis Hanol 9b6538832d whitelist google.com/maps iframes 2013-11-29 18:08:53 +01:00
Robin Ward d9a16079a5 FIX: Do not allow users to create tables 2013-10-21 13:32:15 -04:00
Robin Ward 5281b7f80c Upgraded and refactored Sanitizing. Much less crap should get through now!
Conflicts:
	app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-15 10:53:11 -04:00
Robin Ward af931f0444 Reverting the Sanitizer commit in case we have to do something urgent
before we deploy it early next week. It's in the branch `sanitizer` for
now.

This reverts commit 9e93d8ed52.
2013-10-11 16:44:26 -04:00
Robin Ward 9e93d8ed52 Upgraded and refactored Sanitizing. Much less crap should get through now!
Conflicts:
	app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-11 16:25:40 -04:00
Régis Hanol ede9d2a0a8 show diff in post history view 2013-04-29 03:20:51 +02:00
Robin Ward 88267429c5 Remove fastclick for now -- we saw some regressions on iPad and want to make sure they weren't caused by
it.
2013-02-26 10:47:23 -05:00
Gosha Arinich cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Sam Saffron b9f3666f5a fast click instead of hacky double event binding 2013-02-25 11:11:46 +11:00
Robin Ward f661fa609e Convert all CoffeeScript to Javascript. See:
http://meta.discourse.org/t/is-it-better-for-discourse-to-use-javascript-or-coffeescript/3153
2013-02-20 19:01:13 -05:00
Sam Saffron 0c085059c9 added sane sanitizer (Google Cajole) that is much more robust than old one ... yay for smilies
added sane way to do $LAB includes - pattern to be expanded
people keep on messing structure.sql
2013-02-20 16:11:56 +11:00