This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
osr-discourse-src/app
Blake Erickson a373bf2a01 SECURITY: XSS on chat excerpts
Non-markdown tags weren't being escaped in chat excerpts. This could be
triggered by editing a chat message containing a tag (self XSS), or by
replying to a chat message with a tag (XSS).

Co-authored-by: Jan Cernik <jancernik12@gmail.com>
2023-03-16 15:27:09 -06:00
assets SECURITY: XSS on chat excerpts 2023-03-16 15:27:09 -06:00
controllers SECURITY: Rate limit the creation of backups 2023-03-16 16:09:22 +01:00
helpers DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
jobs DEV: Refactor Jobs::UserEmail a little 2023-03-14 09:23:06 +01:00
mailers DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
models DEV: Store theme sprites in the DB (#20501) 2023-03-14 13:11:45 -05:00
serializers FEATURE: Configurable auto-bump cooldown (#20507) 2023-03-10 13:45:01 +08:00
services DEV: Remove badge_granted_title column from user_profiles (#20476) 2023-03-08 13:37:20 +01:00
views SECURITY: Show only visible tags in metadata 2023-02-23 17:22:20 +01:00