discourse

Author SHA1 Message Date

Author	SHA1	Message	Date
Roman Rizzi	df3eb93973	DEV: Sanitize HTML admin inputs (#14681 ) * DEV: Sanitize HTML admin inputs This PR adds on-save HTML sanitization for: Client site settings translation overrides badges descriptions user fields descriptions I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](`018cf54073/lib/rails/html/sanitizer.rb (L108)`) * Make sure that the sanitization logic doesn't corrupt settings with special characters	2021-10-27 11:33:07 -03:00

Roman Rizzi

df3eb93973

DEV: Sanitize HTML admin inputs (#14681 )

* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters

2021-10-27 11:33:07 -03:00

1 Commits