5ee31cbf7d
* FIX: Mark invites flash messages as HTML safe. This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client. Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220 * If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend. * Escape user input instead of sanitizing |
||
|---|---|---|
| .. | ||
| assets | ||
| controllers | ||
| helpers | ||
| jobs | ||
| mailers | ||
| models | ||
| serializers | ||
| services | ||
| views | ||