Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/app/models/concerns
History
Roman Rizzi df3eb93973
DEV: Sanitize HTML admin inputs (#14681) 
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
 		2021-10-27 11:33:07 -03:00
..
reports FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
anon_cache_invalidator.rb
cached_counting.rb
category_hashtag.rb
has_custom_fields.rb FIX: Nil-filled CF arrays were not being deleted (#13518) 2021-06-25 11:34:51 +02:00
has_destroyed_web_hook.rb
has_sanitizable_fields.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
has_search_data.rb
has_url.rb DEV: Make site setting type uploaded_image_list use upload IDs (#10401) 2020-10-13 16:17:06 +03:00
limited_edit.rb
positionable.rb
roleable.rb FEATURE: set notification levels when added to a group (#10378) 2020-08-06 12:27:27 -04:00
searchable.rb
second_factor_manager.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
stats_cacheable.rb
topic_tracking_state_publishable.rb FEATURE: Publish read topic tracking events for private messages. (#14274) 2021-09-09 09:16:53 +08:00
trashable.rb DEV: Remove with_deleted workarounds for old Rails version (#11550) 2020-12-22 10:38:59 +11:00