discourse/app
Vinoth Kannan ded6ea66a5
FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714)
This commit prevents unallowed URLs in iframe src by adding a relative path like `https://bob.com/abc/def/../ghi`. Currently, the iframe linking to the site uses the current_user, not the post's author, so users who have no access to a certain path are not able to view anything they shouldn't.
2023-05-24 16:14:18 +05:30
assets FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714) 2023-05-24 16:14:18 +05:30
controllers DEV: edited links are set in specific order (#21665) 2023-05-23 10:00:46 +10:00
helpers UX: Improve login required page (#20847) 2023-03-28 07:09:44 -05:00
jobs FIX: consider users.created_at for inactive cleanup (#21688) 2023-05-23 13:41:23 +05:30
mailers FIX: Likes received count in digest email (#21458) 2023-05-09 19:19:26 +02:00
models DEV: Bump the limits on group request text fields 2023-05-24 09:57:46 +02:00
serializers FIX: Do not cook icon with hashtags (#21676) 2023-05-23 09:33:55 +02:00
services FIX: Do not cook icon with hashtags (#21676) 2023-05-23 09:33:55 +02:00
views FIX: Likes received count in digest email (#21458) 2023-05-09 19:19:26 +02:00