This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
osr-discourse-src/app
Martin Brennan 62498f3653
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use elements that
  are _not_ anchors in SVGs, which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  SVGs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:45:25 +10:00
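The two mitigations named in the commit message, as an added example in Ruby (Discourse's language). This is not Discourse's own code and does not reproduce the change in this commit; the module name SvgUploadHardening, the functions sanitize, walk and response_headers, and the sample SVG are all assumptions made here. The sanitizer keeps a `<use>` reference only when its target is a same-document fragment (value starting with `#`); anything else (a remote URL, a `data:` URI) is dropped, because a `<use>` that pulls in an external SVG can bring script with it when the upload is opened as a top-level document in the forum's origin. The headers function serves the file as a download so the browser never renders it inline.

```ruby
require "rexml/document"

# Added example, not Discourse's code: strip non-anchor href / xlink:href
# attributes from <use> elements in an uploaded SVG, and build the response
# headers that serve the file as a download instead of an inline document.
module SvgUploadHardening
  HREF_ATTRS = %w[href xlink:href].freeze

  # Constructed sample input: two safe same-document references, one
  # data: URI placeholder and one remote URL (the last two are removed).
  SAMPLE_SVG = <<~SVG
    <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
      <defs><circle id="dot" r="5"/></defs>
      <use xlink:href="#dot" x="10" y="10"/>
      <use href="#dot" x="20" y="20"/>
      <use xlink:href="data:image/svg+xml;base64,AAAA#x"/>
      <use href="https://attacker.example/evil.svg#payload"/>
    </svg>
  SVG

  # Returns [sanitized_xml, number_of_attributes_removed].
  def self.sanitize(svg_xml)
    doc = REXML::Document.new(svg_xml)
    removed = 0
    walk(doc.root) do |el|
      next unless el.name == "use"
      doomed = []
      el.attributes.each_attribute do |attr|
        next unless HREF_ATTRS.include?(attr.expanded_name)
        # A same-document anchor ("#id") cannot load outside content; keep it.
        next if attr.value.strip.start_with?("#")
        doomed << attr
      end
      # Delete after iterating so we do not mutate the attribute set mid-loop.
      doomed.each { |attr| el.attributes.delete(attr); removed += 1 }
    end
    [doc.to_s, removed]
  end

  # Depth-first walk over every element; avoids XPath namespace handling
  # so the default SVG namespace does not matter.
  def self.walk(el, &blk)
    blk.call(el)
    el.each_element { |child| walk(child, &blk) }
  end

  # Headers for serving an uploaded SVG: Content-Disposition: attachment
  # makes the browser download the file rather than render it as a page,
  # so any script it contains never runs in the site's origin.
  def self.response_headers(filename)
    safe_name = filename.gsub(/["\r\n\\]/, "") # keep the quoted filename well-formed
    {
      "Content-Type" => "image/svg+xml",
      "Content-Disposition" => %(attachment; filename="#{safe_name}"),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  xml, removed = SvgUploadHardening.sanitize(SvgUploadHardening::SAMPLE_SVG)
  puts "removed #{removed} attribute(s)"
  puts xml
  puts SvgUploadHardening.response_headers("logo.svg").inspect
end
```

Serving with `attachment` does not affect the `<img src="...svg">` case the commit message mentions: an SVG loaded through `<img>` is rendered in a restricted mode where scripts do not execute and external resources are not fetched, so images keep working while direct navigation to the upload URL becomes a download.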
assets FIX: ensures moderation history is accessible from topic/post admin menu (#10118) 2020-06-24 10:49:47 +02:00
controllers SECURITY: Add content-disposition: attachment for SVG uploads 2020-07-09 13:45:25 +10:00
helpers New bootstrap.json endpoint for starting up Discourse 2020-06-03 14:45:23 -04:00
jobs DEV: improve verbose mode for reindexer 2020-06-24 17:29:45 +10:00
mailers FIX: Use correct URL for unsubscribe (#10077) 2020-06-24 09:31:20 +02:00
models Update category_featured_topic.rb (#10121) 2020-06-25 10:21:40 -04:00
serializers FIX: skip category notification_level unless scoped 2020-06-24 17:08:12 +10:00
services FIX: Use Discourse.system_user when we need a placeholder admin (#9781) 2020-06-24 15:51:30 +10:00
views FEATURE: allows to have header/footer in published pages (#10067) 2020-06-19 09:51:03 +02:00