discourse/spec
Roman Rizzi df3eb93973
DEV: Sanitize HTML admin inputs (#14681)
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badge descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
| Path | Last commit | Date |
| --- | --- | --- |
| components | DEV: simplify username suggester (#14531) | 2021-10-27 14:41:24 +04:00 |
| fabricators | DEV: Ignore reminder_type for bookmarks (#14349) | 2021-09-16 09:56:54 +10:00 |
| fixtures | FIX: Parse address lists in embedded emails (#14514) | 2021-10-06 15:07:29 +03:00 |
| helpers | FIX: Offer site_logo_dark_url as an option for dark mode themes (#14361) | 2021-09-16 17:47:51 -04:00 |
| import_export | FEATURE: Rake task to export groups (#9450) | 2020-04-17 14:59:54 -07:00 |
| initializers | FEATURE: A low priority filter for the review queue. (#12822) | 2021-04-23 15:34:24 -03:00 |
| integration | SECURITY: Escape watched word in error message (#14434) | 2021-09-24 11:55:15 +03:00 |
| integrity | DEV: Fix a flaky Onceoff spec (#13314) | 2021-06-07 20:38:31 +02:00 |
| jobs | FIX: remove 'crawl_images' site setting (#14646) | 2021-10-19 17:12:29 +05:30 |
| lib | DEV: prevents flaky spec when deleting plugin (#14701) | 2021-10-25 10:24:21 +02:00 |
| mailers | FIX: Do not show recipient user in email participants list (#14642) | 2021-10-19 15:26:22 +10:00 |
| models | DEV: Sanitize HTML admin inputs (#14681) | 2021-10-27 11:33:07 -03:00 |
| multisite | FIX: Use random file name for temporary uploads (#14250) | 2021-09-06 10:21:20 +10:00 |
| requests | FIX: Include the Vary:Accept header on all Accept-based responses (#14647) | 2021-10-25 12:53:50 +01:00 |
| script/import_scripts | DEV: If disabled do not change setting after import (#12142) | 2021-02-19 09:33:35 -07:00 |
| serializers | DEV: Fix rubocop issues (#14715) | 2021-10-27 11:39:28 +03:00 |
| services | FIX: remove 'crawl_images' site setting (#14646) | 2021-10-19 17:12:29 +05:30 |
| support | FIX: remove 'crawl_images' site setting (#14646) | 2021-10-19 17:12:29 +05:30 |
| tasks | FIX: remove migrate_from_s3 task that silently corrupts data (#11703) | 2021-01-17 22:33:29 +01:00 |
| views/omniauth_callbacks | FEATURE: Use full page redirection for all external auth methods (#8092) | 2019-10-08 12:10:43 +01:00 |
| rails_helper.rb | FIX: remove 'crawl_images' site setting (#14646) | 2021-10-19 17:12:29 +05:30 |
| swagger_helper.rb | DEV: Refactor the api docs for the user endpoint (#14377) | 2021-09-20 10:04:57 -06:00 |