osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
bec76f937cfb7564ff3c63c57e3372ba99378371
osr-discourse-src/spec/components/stylesheet
T
History
David Taylor 6e9bb84d12 FIX: Ensure theme names are escaped in HTML attributes (#15272) 
If a theme name contained a double-quote, this problem could lead to invalid/unexpected HTML in the `<head>`

Note that this is not considered a security issue because themes can only be installed/named by administrators, and themes/administrators already have the ability to run arbitrary javascript.
2021-12-13 10:50:09 +00:00
..
compiler_spec.rb
DEV: Support referencing public images in plugins in SCSS (#12930)
2021-05-03 14:40:02 -04:00
importer_spec.rb
DEV: Compile core and plugin stylesheets independently of themes (#13638)
2021-07-06 13:11:10 -04:00
manager_spec.rb
FIX: Ensure theme names are escaped in HTML attributes (#15272)
2021-12-13 10:50:09 +00:00