20 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Robin Ward | f51cbc8952 | FIX: @mentions should not be processed within links | 2014-05-06 17:48:30 -04:00 |
| Robin Ward | ba683bc611 | FIX: XSS in markdown converter. | 2014-04-28 14:44:15 -04:00 |
| Robin Ward | ed6e2b1d79 | Remove Zalgo API from `Discourse.Mention`: http://blog.izs.me/post/59142742143/designing-apis-for-asynchrony - Thanks @riking for finding it. | 2014-04-14 16:51:18 -04:00 |
| Régis Hanol | e663d78104 | SECURITY: sanitize markdown urls (prevent XSS) | 2014-03-27 15:34:35 +01:00 |
| Robin Ward | 7716d940a0 | BUGFIX: Allow links to images with absolute URLs as well as parens | 2014-02-20 15:24:03 -05:00 |
| Robin Ward | af5254d3b4 | FIX: Remove `canvas` tag. | 2014-02-05 12:22:36 -05:00 |
| Robin Ward | 8adb08a9ca | FIX: Don't allow `<button>` in posts either. | 2014-02-04 16:29:00 -05:00 |
| Robin Ward | abffcd9f94 | FIX: Blacklist `<textarea>` | 2014-02-04 12:48:33 -05:00 |
| Vikhyat Korrapati | fad88c6cf3 | Fix sanitization of smileys like <_< and <3. | 2014-01-26 18:38:47 +05:30 |
| Robin Ward | e2c361f353 | FIX: Indented code blocks followed by `<blockquote>` weren't working. | 2014-01-21 16:18:20 -05:00 |
| Robin Ward | a502266c42 | Enable JSHINT's `unused` option. It caught a bunch of suspicious stuff which is fixed in this commit. | 2013-12-30 13:30:22 -05:00 |
| Robin Ward | a7a7387da1 | Automatically convert some quotes to blockquotes | 2013-12-13 15:31:25 -05:00 |
| Neil Lalonde | ed3d3ae1e1 | Upgrade font-awesome to version 4 | 2013-12-11 10:31:09 -05:00 |
| Robin Ward | 0ece195723 | Blacklist <center> | 2013-12-04 11:43:20 -05:00 |
| Régis Hanol | 9b6538832d | whitelist google.com/maps iframes | 2013-11-29 18:08:53 +01:00 |
| Robin Ward | 0bab3f9b4e | Revert "Revert "FIX: Markdown bug", breaks build" This reverts commit 08ad5d479e. | 2013-11-20 11:53:06 -05:00 |
| Sam | 08ad5d479e | Revert "FIX: Markdown bug", breaks build This reverts commit 4a32cddf80. | 2013-11-20 10:41:21 +11:00 |
| Robin Ward | 4a32cddf80 | FIX: Markdown bug | 2013-11-19 16:23:04 -05:00 |
| Robin Ward | b8e63719f8 | FIX: Don't autolink within a markdown link. | 2013-11-04 14:24:40 -05:00 |
| Robin Ward | 9adcd1579d | Renamed `components` to `lib` in the JS project, as Ember has components and they mean something different. | 2013-10-24 12:36:46 -04:00 |