discourse/spec/lib/onebox
Natalie Tay 188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
..
engine FEATURE: Allow oneboxing private GitHub repo URLs and add private indicator to HTML (#27947) 2024-07-19 12:21:45 +10:00
domain_checker_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
engine_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
helpers_spec.rb FEATURE: use new site setting for onebox custom user agent. (#28045) 2024-07-24 04:45:30 +05:30
json_ld_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
layout_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
matcher_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
movie_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00
oembed_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
open_graph_spec.rb FEATURE: Show more context in Discourse topic oneboxes 2023-01-11 14:22:53 +01:00
preview_spec.rb SECURITY: Fixes for main (#28137) 2024-07-30 14:19:01 +08:00
status_check_spec.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00