discourse/config
Roman Rizzi df3eb93973
DEV: Sanitize HTML admin inputs (#14681)
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

- Client site settings
- translation overrides
- badges descriptions
- user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
..
cloud/cloud66 DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
environments FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
initializers FEATURE: Cache CORS preflight for MessageBus (#14616) 2021-10-15 00:23:53 -03:00
locales DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
application.rb FIX: Check env for multisite config path even if config file exists (#14536) 2021-10-06 13:24:50 -05:00
boot.rb DEV: Remove deprecated bootsnap options (#11929) 2021-02-02 14:39:51 +01:00
cdn.yml.sample
database.yml DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
deploy.rb.sample enough with the malloc limit, not needed 2016-05-25 21:09:07 +10:00
dev_defaults.yml FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
discourse.config.sample enough with the malloc limit, not needed 2016-05-25 21:09:07 +10:00
discourse.pill.sample
discourse_defaults.conf FEATURE: Make the multisite config path configurable (#14308) 2021-09-10 14:19:52 -05:00
environment.rb DEV: replace mailcatcher references with mailhog (#14500) 2021-10-05 15:48:06 +05:30
logrotate.conf
multisite.yml.production-sample DEV: Remove `db_id` from sample multisite config. 2020-05-29 10:48:29 +08:00
nginx.global.conf
nginx.sample.conf FEATURE: Optimize images before upload (#13432) 2021-06-23 12:31:12 -03:00
projections.json DEV: Use .hbr for raw template file extension (#8883) 2020-02-11 13:38:12 -06:00
puma.rb remove daemonize setting (#12232) 2021-03-01 16:42:50 +11:00
routes.rb FIX: improvements for download local dates (#14588) 2021-10-14 09:22:44 +11:00
sidekiq.yml FEATURE: introduce ultra_low priority queue 2019-01-17 14:53:19 +11:00
site_settings.yml UX: Re-order auth-related site settings for clarity (#14716) 2021-10-26 11:24:10 +01:00
spring.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
thin.yml.sample
unicorn.conf.rb Revert "DEV: suppress assets logs from qunit tests (#13871)" 2021-07-29 13:28:24 +08:00
unicorn_launcher FIX: Increase timeout when trying to reload unicorn. 2018-12-04 13:43:14 +08:00
unicorn_upstart.conf enough with the malloc limit, not needed 2016-05-25 21:09:07 +10:00