discourse/app/assets/javascripts/pretty-text/addon
Vinoth Kannan ded6ea66a5
FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714)
This commit prevents unallowed URLs in iframe src by adding a relative path like `https://bob.com/abc/def/../ghi`. Currently, the iframe linking to the site uses the current_user, not the post's author, so users who have no access to a certain path are not able to view anything they shouldn't.
2023-05-24 16:14:18 +05:30
..
emoji DEV: Update javascript:update_constants rake task following template colocation (#20365) 2023-02-20 06:20:47 +03:00
engines Revert "DEV: Add crossOrigin to video tag (#20617)" (#20624) 2023-03-09 16:20:35 -07:00
allow-lister.js A11Y: Set role=presentation if alt attr is missing (#18546) 2022-10-12 14:07:37 +03:00
censored-words.js DEV: Ensure `censorFn` copes with null `regexpList` (#17754) 2022-08-02 11:09:51 +01:00
emoji.js FEATURE: Add an emoji deny list site setting (#20929) 2023-04-13 15:38:54 +08:00
guid.js
highlightjs-aliases.js DEV: Add support for aliases in HighlightJS languages (#20380) 2023-02-23 15:06:06 -05:00
inline-oneboxer.js DEV: removes jquery usage from onebox (#14683) 2021-10-22 13:15:46 +02:00
mentions.js FEATURE: Enforce mention limits for chat messages (#19034) 2022-12-06 14:54:04 -03:00
oneboxer-cache.js DEV: removes jquery usage from onebox (#14683) 2021-10-22 13:15:46 +02:00
oneboxer.js DEV: Introduce `discourseLater` (#17532) 2022-07-17 00:50:49 +02:00
pretty-text.js FEATURE: Add an emoji deny list site setting (#20929) 2023-04-13 15:38:54 +08:00
sanitizer.js FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714) 2023-05-24 16:14:18 +05:30
upload-short-url.js DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00