discourse

History

Vinoth Kannan ded6ea66a5 FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714 ) This commit prevents unallowed URLs in iframe src by adding a relative path like `https://bob.com/abc/def/../ghi`. Currently, the iframe linking to the site uses the current_user, not the post's author, so users who have no access to a certain path are not able to view anything they shouldn't.		2023-05-24 16:14:18 +05:30
..
emoji	DEV: Update javascript:update_constants rake task following template colocation (#20365 )	2023-02-20 06:20:47 +03:00
engines	Revert "DEV: Add crossOrigin to video tag (#20617 )" (#20624 )	2023-03-09 16:20:35 -07:00
allow-lister.js	A11Y: Set role=presentation if alt attr is missing (#18546 )	2022-10-12 14:07:37 +03:00
censored-words.js	DEV: Ensure `censorFn` copes with null `regexpList` (#17754 )	2022-08-02 11:09:51 +01:00
emoji.js	FEATURE: Add an emoji deny list site setting (#20929 )	2023-04-13 15:38:54 +08:00
guid.js	DEV: apply new coding standards (#10592 )	2020-09-04 13:42:47 +02:00
highlightjs-aliases.js	DEV: Add support for aliases in HighlightJS languages (#20380 )	2023-02-23 15:06:06 -05:00
inline-oneboxer.js	DEV: removes jquery usage from onebox (#14683 )	2021-10-22 13:15:46 +02:00
mentions.js	FEATURE: Enforce mention limits for chat messages (#19034 )	2022-12-06 14:54:04 -03:00
oneboxer-cache.js	DEV: removes jquery usage from onebox (#14683 )	2021-10-22 13:15:46 +02:00
oneboxer.js	DEV: Introduce `discourseLater` (#17532 )	2022-07-17 00:50:49 +02:00
pretty-text.js	FEATURE: Add an emoji deny list site setting (#20929 )	2023-04-13 15:38:54 +08:00
sanitizer.js	FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714 )	2023-05-24 16:14:18 +05:30
upload-short-url.js	DEV: Rename secure_media to secure_uploads (#18376 )	2022-09-29 09:24:33 +10:00