discourse/app
Natalie Tay 188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe URL list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
assets SECURITY: Fixes for main (#28137) 2024-07-30 14:19:01 +08:00
controllers DEV: Move config area site setting fetch into new controller (#28136) 2024-07-30 15:41:28 +10:00
helpers UX: Use localized time format in embedded comments (#28014) 2024-07-22 18:42:36 +08:00
jobs FIX: Ensure JsLocaleHelper to not output deprecated translations (#28037) 2024-07-29 15:21:25 +08:00
mailers UX: Use a dropdown for SSL mode for group SMTP (#27932) 2024-07-18 10:33:14 +10:00
models SECURITY: Fixes for main (#28137) 2024-07-30 14:19:01 +08:00
serializers DEV: show admin moderation flags UI (#28071) 2024-07-25 15:24:17 +10:00
services FEATURE: Clean up previously logged information after permanently deleting posts (#28033) 2024-07-23 15:27:11 +08:00
views FIX: Exclude reply count on posts due to required Comment nesting (#27892) 2024-07-15 09:40:47 +08:00