discourse

Commit Graph

Author	SHA1	Message	Date
Roman Rizzi	5e4c0e2caa	FEATURE: Treat site settings as plain text and add a new HTML type. (#12618 ) To add an extra layer of security, we sanitize settings before shipping them to the client. We don't sanitize those that have the "html" type. The CookedPostProcessor already uses Loofah for sanitization, so I chose to also use it for this. I added it to our gemfile since we installed it as a transitive dependency.	2021-04-07 12:51:19 -03:00

Author

SHA1

Message

Date

Roman Rizzi

5e4c0e2caa

FEATURE: Treat site settings as plain text and add a new HTML type. (#12618 )

To add an extra layer of security, we sanitize settings before shipping them to the client. We don't sanitize those that have the "html" type.

The CookedPostProcessor already uses Loofah for sanitization, so I chose to also use it for this. I added it to our gemfile since we installed it as a transitive dependency.

2021-04-07 12:51:19 -03:00

1 Commits