osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
515699776b09d65bd90ca932f39bbbe3a5f77ca7
osr-discourse-src/lib/file_store
T
History
Martin Brennan 31e31ef449 SECURITY: Add content-disposition: attachment for SVG uploads 
* strip out the href and xlink:href attributes from use element that
  are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
..
base_store.rb
FIX: OptimizedImage#filesize (#10095)
2020-07-06 17:01:29 +02:00
local_store.rb
REFACTOR: Restoring of backups and migration of uploads to S3
2020-01-14 11:41:35 +01:00
s3_store.rb
SECURITY: Add content-disposition: attachment for SVG uploads
2020-07-09 13:31:48 +10:00
to_s3_migration.rb
SECURITY: Add content-disposition: attachment for SVG uploads
2020-07-09 13:31:48 +10:00