discourse/lib/validators
Roman Rizzi 5ee31cbf7d
FIX: Mark invites flash messages as HTML safe. (#15539)
* FIX: Mark invites flash messages as HTML safe.
This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client.

Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220

* If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend.

* Escape user input instead of sanitizing
2022-01-18 09:38:31 -03:00
allow_user_locale_enabled_validator.rb
allowed_ip_address_validator.rb
alternative_reply_by_email_addresses_validator.rb
categories_topics_validator.rb
category_search_priority_weights_validator.rb FEATURE: Change very high/low search priority to rank at absolute ends. 2021-03-09 09:20:37 +08:00
censored_words_validator.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
color_list_validator.rb
css_color_validator.rb FIX: Validate email_accent_bg_color color (#13778) 2021-07-22 17:42:47 +03:00
email_setting_validator.rb
email_validator.rb FIX: Mark invites flash messages as HTML safe. (#15539) 2022-01-18 09:38:31 -03:00
enable_invite_only_validator.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
enable_local_logins_via_email_validator.rb
enable_private_email_messages_validator.rb
enable_sso_validator.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
external_system_avatars_validator.rb
google_oauth2_hd_groups_validator.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
group_setting_validator.rb
integer_setting_validator.rb
ip_address_format_validator.rb
markdown_typographer_quotation_marks_validator.rb
max_emojis_validator.rb
max_username_length_validator.rb
min_username_length_validator.rb
not_username_validator.rb FEATURE: Mention @here to notify users in topic (#14900) 2021-11-23 22:25:54 +02:00
password_validator.rb
pop3_polling_enabled_setting_validator.rb DEV: Use EmailSettingsValidator in more places (#15404) 2022-01-04 08:30:48 +10:00
post_validator.rb FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
quality_title_validator.rb FEATURE: Improve errors when title is invalid (#11149) 2020-11-11 15:11:36 +02:00
regex_presence_validator.rb
regex_setting_validation.rb
regex_setting_validator.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
reply_by_email_address_validator.rb
reply_by_email_enabled_validator.rb
selectable_avatars_enabled_validator.rb DEV: Make site setting type uploaded_image_list use upload IDs (#10401) 2020-10-13 16:17:06 +03:00
sso_overrides_email_validator.rb FEATURE: sso_overrides_(email|username|name) for all auth methods 2020-07-06 10:18:45 +01:00
string_setting_validator.rb DEV: Add experimental json_scheme site setting type (#12226) 2021-03-01 09:15:17 -05:00
stripped_length_validator.rb FIX: post merging was failing silently (#12566) 2021-04-01 06:46:18 +05:30
timezone_validator.rb
topic_title_length_validator.rb
unicode_username_allowlist_validator.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
unicode_username_validator.rb
unique_among_validator.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
upload_validator.rb FEATURE: Humanize file size error messages (#14398) 2021-09-22 07:59:45 +10:00
url_validator.rb
user_full_name_validator.rb
username_setting_validator.rb
watched_words_validator.rb SECURITY: Escape watched word in error message (#14434) 2021-09-24 11:55:15 +03:00