Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/app/assets/javascripts/pretty-text/addon
History
Vinoth Kannan ded6ea66a5
FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714) 
This commit prevents unallowed URLs in iframe src by adding a relative path like `https://bob.com/abc/def/../ghi`. Currently, the iframe linking to the site uses the current_user, not the post's author, so users who have no access to a certain path are not able to view anything they shouldn't.
 		2023-05-24 16:14:18 +05:30
..
emoji DEV: Update javascript:update_constants rake task following template colocation (#20365) 2023-02-20 06:20:47 +03:00
engines Revert "DEV: Add crossOrigin to video tag (#20617)" (#20624) 2023-03-09 16:20:35 -07:00
allow-lister.js
censored-words.js
emoji.js FEATURE: Add an emoji deny list site setting (#20929) 2023-04-13 15:38:54 +08:00
guid.js
highlightjs-aliases.js DEV: Add support for aliases in HighlightJS languages (#20380) 2023-02-23 15:06:06 -05:00
inline-oneboxer.js
mentions.js FEATURE: Enforce mention limits for chat messages (#19034) 2022-12-06 14:54:04 -03:00
oneboxer-cache.js
oneboxer.js
pretty-text.js FEATURE: Add an emoji deny list site setting (#20929) 2023-04-13 15:38:54 +08:00
sanitizer.js FIX: skip iframe URLs with relative paths in pretty text sanitizer. (#21714) 2023-05-24 16:14:18 +05:30
upload-short-url.js