Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/components/stylesheet
History
David Taylor 6e9bb84d12
FIX: Ensure theme names are escaped in HTML attributes (#15272) 
If a theme name contained a double-quote, this problem could lead to invalid/unexpected HTML in the `<head>`

Note that this is not considered a security issue because themes can only be installed/named by administrators, and themes/administrators already have the ability to run arbitrary javascript.
 		2021-12-13 10:50:09 +00:00
..
compiler_spec.rb DEV: Support referencing public images in plugins in SCSS (#12930) 2021-05-03 14:40:02 -04:00
importer_spec.rb DEV: Compile core and plugin stylesheets independently of themes (#13638) 2021-07-06 13:11:10 -04:00
manager_spec.rb FIX: Ensure theme names are escaped in HTML attributes (#15272) 2021-12-13 10:50:09 +00:00