osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
13aed6fe3b
osr-discourse-src/app/models/concerns
History
Roman Rizzi df3eb93973
DEV: Sanitize HTML admin inputs (#14681) 
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
..
reports FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
anon_cache_invalidator.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
cached_counting.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
category_hashtag.rb FIX: Improve category hashtag lookup (#10133) 2020-07-07 10:19:01 +10:00
has_custom_fields.rb FIX: Nil-filled CF arrays were not being deleted (#13518) 2021-06-25 11:34:51 +02:00
has_destroyed_web_hook.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
has_sanitizable_fields.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
has_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
has_url.rb DEV: Make site setting type uploaded_image_list use upload IDs (#10401) 2020-10-13 16:17:06 +03:00
limited_edit.rb REFACTOR: Edit title respects min trust to edit post 2020-02-05 10:36:24 -07:00
positionable.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
roleable.rb FEATURE: set notification levels when added to a group (#10378) 2020-08-06 12:27:27 -04:00
searchable.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
second_factor_manager.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
stats_cacheable.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
topic_tracking_state_publishable.rb FEATURE: Publish read topic tracking events for private messages. (#14274) 2021-09-09 09:16:53 +08:00
trashable.rb DEV: Remove with_deleted workarounds for old Rails version (#11550) 2020-12-22 10:38:59 +11:00