discourse/app
Blake Erickson a373bf2a01 SECURITY: XSS on chat excerpts
Non-markdown tags weren't being escaped in chat excerpts. This could be
triggered by editing a chat message containing a tag (self XSS), or by
replying to a chat message with a tag (XSS).

Co-authored-by: Jan Cernik <jancernik12@gmail.com>
2023-03-16 15:27:09 -06:00
assets SECURITY: XSS on chat excerpts 2023-03-16 15:27:09 -06:00
controllers SECURITY: Rate limit the creation of backups 2023-03-16 16:09:22 +01:00
helpers DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
jobs DEV: Refactor `Jobs::UserEmail` a little 2023-03-14 09:23:06 +01:00
mailers DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
models DEV: Store theme sprites in the DB (#20501) 2023-03-14 13:11:45 -05:00
serializers FEATURE: Configurable auto-bump cooldown (#20507) 2023-03-10 13:45:01 +08:00
services DEV: Remove `badge_granted_title` column from `user_profiles` (#20476) 2023-03-08 13:37:20 +01:00
views SECURITY: Show only visible tags in metadata 2023-02-23 17:22:20 +01:00