This repository has been archived on 2023-03-18. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Roman Rizzi df3eb93973 DEV: Sanitize HTML admin inputs (#14681) ...

* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](https://github.com/rails/rails-html-sanitizer/blob/018cf540737ae10ee1c673ce184408881852c479/lib/rails/html/sanitizer.rb#L108)

* Make sure that the sanitization logic doesn't corrupt settings with special characters

2021-10-27 11:33:07 -03:00

..

reports

FEATURE: Add post edits count to user activity (#13495)

2021-08-02 10:15:53 -04:00

anon_cache_invalidator.rb

…

cached_counting.rb

…

category_hashtag.rb

FIX: Improve category hashtag lookup (#10133)

2020-07-07 10:19:01 +10:00

has_custom_fields.rb

FIX: Nil-filled CF arrays were not being deleted (#13518)

2021-06-25 11:34:51 +02:00

has_destroyed_web_hook.rb

…

has_sanitizable_fields.rb

DEV: Sanitize HTML admin inputs (#14681)

2021-10-27 11:33:07 -03:00

has_search_data.rb

…

has_url.rb

DEV: Make site setting type uploaded_image_list use upload IDs (#10401)

2020-10-13 16:17:06 +03:00

limited_edit.rb

REFACTOR: Edit title respects min trust to edit post

2020-02-05 10:36:24 -07:00

positionable.rb

…

roleable.rb

FEATURE: set notification levels when added to a group (#10378)

2020-08-06 12:27:27 -04:00

searchable.rb

…

second_factor_manager.rb

FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)

2021-02-08 10:04:33 +00:00

stats_cacheable.rb

…

topic_tracking_state_publishable.rb

FEATURE: Publish read topic tracking events for private messages. (#14274)

2021-09-09 09:16:53 +08:00

trashable.rb

DEV: Remove with_deleted workarounds for old Rails version (#11550)

2020-12-22 10:38:59 +11:00