fb019d1712
* SECURITY: Fix XSS in full name composer reply We are using htmlSafe when rendering the name field so we need to escape any html being passed in. * SECURITY: Monkey-patch web-push gem to use safer HTTP client `FinalDestination::HTTP` is our patch of `Net::HTTP` which defend us against SSRF and DNS rebinding attacks. * SECURITY: SSRF protection bypass with IPv4-mapped IPv6 addresses As part of this commit, we've also expanded our list of private IP ranges based on https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml and https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml * SECURITY: XSS on chat excerpts Non-markdown tags weren't being escaped in chat excerpts. This could be triggered by editing a chat message containing a tag (self XSS), or by replying to a chat message with a tag (XSS). Co-authored-by: Jan Cernik <jancernik12@gmail.com> * FIX: Escaped mentions in chat excerpts Mentions are now displayed as using the non-cooked message which fixes the problem. This is not ideal. I think we might want to rework how these excerpts are created and rendered in the near future. Co-authored-by: Jan Cernik <jancernik12@gmail.com> * SECURITY: Add FinalDestination::FastImage that's SSRF safe --------- Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com> Co-authored-by: Jan Cernik <jancernik12@gmail.com> Co-authored-by: Ted Johansson <ted@discourse.org> |
||
|---|---|---|
| .. | ||
| category-drop | ||
| color-palettes | ||
| combo-box | ||
| dropdown-select-box | ||
| future-date-input-selector | ||
| mini-tag-chooser | ||
| multi-select | ||
| notifications-filter | ||
| period-chooser | ||
| select-kit | ||
| tag-drop | ||
| toolbar-popup-menu-options | ||
| user-chooser | ||
| category-row.hbs | ||
| create-color-row.hbs | ||
| email-group-user-chooser-row.hbs | ||
| flair-row.hbs | ||
| multi-select.hbs | ||
| pinned-button.hbs | ||
| selected-choice-category.hbs | ||
| selected-choice.hbs | ||
| selected-name.hbs | ||
| single-select.hbs | ||
| tag-chooser-row.hbs | ||
| tag-row.hbs | ||
| topic-notifications-button.hbs | ||
| topic-row.hbs | ||