discourse/spec
Natalie Tay 188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
fabricators UX: Use a dropdown for SSL mode for group SMTP (#27932) 2024-07-18 10:33:14 +10:00
fixtures FEATURE: Allow oneboxing private GitHub repo URLs and add private indicator to HTML (#27947) 2024-07-19 12:21:45 +10:00
generator DEV: Silence the output of migration specs (#26365) 2024-03-26 11:32:44 +01:00
helpers DEV: update base url links to respect subfolder installs (#27740) 2024-07-09 12:42:38 +04:00
import_export DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
initializers DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
integration DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
integrity PERF: Avoid using `ObjectSpace.each_object` in `Jobs::Onceoff.enqueue_all` (#28072) 2024-07-25 13:30:56 +08:00
jobs DEV: Specs for redeliver_web_hook_events job (#27779) 2024-07-09 10:35:10 -05:00
lib SECURITY: Fixes for main (#28137) 2024-07-30 14:19:01 +08:00
mailers UX: Use a dropdown for SSL mode for group SMTP (#27932) 2024-07-18 10:33:14 +10:00
migrations DEV: Remove invalid content_security_policy_script_src site setting values from DB (#27588) 2024-06-27 22:17:56 +08:00
models DEV: Fix flaky spec related to translation overrides 2024-07-26 13:20:20 +02:00
multisite DEV: Add S3 upload system specs using minio (#22975) 2023-08-23 11:18:33 +10:00
requests DEV: Move config area site setting fetch into new controller (#28136) 2024-07-30 15:41:28 +10:00
script/import_scripts DEV: Catch missing translations during test runs (#26258) 2024-05-24 22:15:53 +08:00
serializers DEV: Update member access wizard step to use toggle group (#28013) 2024-07-29 14:07:06 +08:00
services FIX: flag valid type inclusion should be lambda (#28030) 2024-07-23 11:47:50 +10:00
support DEV: Avoid instance variables in specs 2024-07-11 14:31:20 +02:00
system DEV: Update member access wizard step to use toggle group (#28013) 2024-07-29 14:07:06 +08:00
tasks DEV: Improve test coverage of `themes:update` rake task (#26764) 2024-04-26 10:04:15 +08:00
views FEATURE: Simplify crawler content for non-canonical post URLs (#26324) 2024-03-26 15:18:46 +00:00
rails_helper.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Bump rswag-specs from 2.11.0 to 2.13.0 (#24654) 2023-12-07 08:16:47 +08:00