Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/app/controllers
History
Roman Rizzi 5e4c0e2caa
FEATURE: Treat site settings as plain text and add a new HTML type. (#12618) 
To add an extra layer of security, we sanitize settings before shipping them to the client. We don't sanitize those that have the "html" type.

The CookedPostProcessor already uses Loofah for sanitization, so I chose to also use it for this. I added it to our gemfile since we installed it as a transitive dependency.
 		2021-04-07 12:51:19 -03:00
..
admin FEATURE: Treat site settings as plain text and add a new HTML type. (#12618) 2021-04-07 12:51:19 -03:00
users FIX: Handle staged users as unregistered users for external auth (#12567) 2021-03-31 13:40:58 +01:00
about_controller.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
application_controller.rb DEV: Retry-after header values should be strings (#12475) 2021-03-23 20:32:36 +01:00
badges_controller.rb UX: Add image uploader widget for uploading badge images (#12377) 2021-03-17 08:55:23 +03:00
bookmarks_controller.rb FEATURE: Bookmark pinning (#12431) 2021-03-22 09:50:22 +10:00
bootstrap_controller.rb DEV: Use Ember CLI middleware to decorate the index template (#12292) 2021-03-09 10:09:35 -05:00
categories_controller.rb DEV: Remove draft attributes from topic lists (#12525) 2021-03-30 11:42:26 -04:00
clicks_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
composer_messages_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
csp_reports_controller.rb DEV: Only include "report-sample" CSP directive when reporting is enabled (#9337) 2020-04-02 11:16:38 -04:00
directory_items_controller.rb FIX: Ensure directory items appear in a consistent order (#11370) 2020-11-27 18:12:49 +00:00
do_not_disturb_controller.rb DEV: Replace 'processed' column on notifications with new table (#11864) 2021-01-27 10:29:24 -06:00
draft_controller.rb FEATURE: composer option to reload page and force save draft (#10773) 2020-09-29 22:29:03 +05:30
drafts_controller.rb SECURITY: Respect topic permissions when loading draft metadata 2020-03-23 11:30:40 +00:00
email_controller.rb FIX: set mailing_list_mode to false when unsubscribing from all (#10354) 2020-08-03 16:59:54 +10:00
embed_controller.rb FEATURE: Add CSP frame-ancestors support (#12404) 2021-03-22 16:00:25 -03:00
exceptions_controller.rb FEATURE: Add site setting to show more detailed 404 errors. (#8014) 2019-10-08 14:15:08 +03:00
export_csv_controller.rb DEV: Switch to new ExportUserArchive job 2020-08-28 11:46:53 -07:00
extra_locales_controller.rb Replace `base_uri` with `base_path` (#10879) 2020-10-09 12:51:24 +01:00
finish_installation_controller.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
forums_controller.rb FEATURE: Allow a cluster_name to be configured and used for /srv/status (#12365) 2021-03-15 15:41:59 +11:00
groups_controller.rb FEATURE: Allow setting avatar flair for automatic groups (#12586) 2021-04-06 11:13:06 -04:00
hashtags_controller.rb DEV: Merge category and tag hashtags code paths (#10216) 2020-07-13 19:13:17 +03:00
highlight_js_controller.rb DEV: apply allow origin response header for CDN requests. (#11893) 2021-01-29 07:44:49 +05:30
inline_onebox_controller.rb FIX: Make inline oneboxes work with secured topics in secured contexts (#8895) 2020-02-12 12:11:28 +02:00
invites_controller.rb FEATURE: Retrieve an existing link only invite (#12575) 2021-04-06 11:01:07 -04:00
list_controller.rb FIX: Category redirect to correct slug should not loop (#11772) 2021-02-16 17:54:50 +02:00
metadata_controller.rb FIX: Move PWA App shortcut for bookmarks to new path (#12388) 2021-03-15 15:36:50 +11:00
notifications_controller.rb FIX: Typo in `NotificationsController#index` not caught by tests. 2020-07-22 09:22:26 +08:00
offline_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
onebox_controller.rb DEV: Add more debugging context to onebox generation 2020-10-22 12:50:22 +08:00
permalinks_controller.rb FIX: Check for permalinks before showing the 404 page 2020-03-23 16:31:07 -07:00
post_action_users_controller.rb FEATURE: Allow category group moderators to delete topics (#11069) 2020-11-05 12:18:26 -05:00
post_actions_controller.rb FEATURE: Admins can flag posts so they can review them later. (#12311) 2021-03-11 08:21:24 -03:00
post_readers_controller.rb DEV: '= true' is not necessary 2019-12-03 11:32:45 -03:00
posts_controller.rb FIX: post merging was failing silently (#12566) 2021-04-01 06:46:18 +05:30
published_pages_controller.rb FIX: Do not enable published page if secure media enabled (#11131) 2020-11-06 10:33:19 +10:00
push_notification_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
qunit_controller.rb Revert "FEATURE: Introduce theme/component QUnit tests (#12517)" (#12632) 2021-04-07 17:45:49 +03:00
reviewable_claimed_topics_controller.rb FEATURE: Allow group moderators to close/archive topics 2020-07-14 12:36:19 -04:00
reviewables_controller.rb DEV: APIs for plugin to add custom reviewable confirm modal (#12246) 2021-03-02 10:28:27 -06:00
robots_txt_controller.rb FIX: Do not block `uploads` path in robots.txt (#12349) 2021-03-11 09:36:49 -05:00
safe_mode_controller.rb FEATURE: Always disable customizations on the `/safe-mode` route (#9052) 2020-02-28 10:53:11 +00:00
search_controller.rb FIX: global setting needs to be coerced to float (#11162) 2020-11-09 16:46:52 +11:00
session_controller.rb FEATURE: Allow using invites when DiscourseConnect SSO is enabled (#12419) 2021-03-19 10:20:10 +10:00
similar_topics_controller.rb PERF: Avoid parsing `Post#cooked` with Nokogiri for every search. 2020-07-24 10:43:09 +08:00
site_controller.rb DEV: Make site setting type uploaded_image_list use upload IDs (#10401) 2020-10-13 16:17:06 +03:00
static_controller.rb DEV: apply allow origin response header for CDN requests. (#11893) 2021-01-29 07:44:49 +05:30
steps_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheets_controller.rb DEV: apply allow origin response header for CDN requests. (#11893) 2021-01-29 07:44:49 +05:30
svg_sprite_controller.rb DEV: apply allow origin response header for CDN requests. (#11893) 2021-01-29 07:44:49 +05:30
tag_groups_controller.rb Tag groups can belong to groups (#10854) 2020-10-14 13:15:54 -04:00
tags_controller.rb FIX: Viewing some tag routes wasn't rendering the list without JS (#12344) 2021-03-17 13:02:32 -04:00
theme_javascripts_controller.rb Revert "FEATURE: Introduce theme/component QUnit tests (#12517)" (#12632) 2021-04-07 17:45:49 +03:00
topics_controller.rb FEATURE: allow category group moderators to pin/unpin topics (#12325) 2021-03-09 16:05:11 -05:00
uploads_controller.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
user_actions_controller.rb FEATURE: Quick access panels in user menu (#8073) 2019-09-09 11:03:57 -04:00
user_api_keys_controller.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
user_avatars_controller.rb DEV: apply allow origin response header for CDN requests. (#11893) 2021-01-29 07:44:49 +05:30
user_badges_controller.rb UX: Add image uploader widget for uploading badge images (#12377) 2021-03-17 08:55:23 +03:00
users_controller.rb FIX: Perform better email validation (#12497) 2021-03-24 08:44:51 +11:00
users_email_controller.rb DEV: Move logic for rate limiting user second factor to one place (#11941) 2021-02-04 09:03:30 +10:00
webhooks_controller.rb FEATURE: IMAP delete email sync for group inboxes (#10392) 2020-08-12 10:16:26 +10:00
wizard_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00