gitlab-org--gitlab-foss/spec/lib/banzai
Douwe Maan a14ee68fe4
Merge branch 'markdown-xss-fix-option-2.1' into 'security'
Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-11-09 12:26:44 +01:00
..
filter Merge branch 'markdown-xss-fix-option-2.1' into 'security' 2016-11-09 12:26:44 +01:00
pipeline Fix Markdown styling inside reference links 2016-11-01 09:49:30 +00:00
reference_parser Merge branch 'issue_23548_dev' into 'master' 2016-11-09 12:25:17 +01:00
cross_project_reference_spec.rb
filter_array_spec.rb
note_renderer_spec.rb Use CacheMarkdownField for notes 2016-10-07 02:54:26 +01:00
object_renderer_spec.rb Add RTL support to markdown renderer 2016-10-16 17:47:48 +03:30
querying_spec.rb Optimize CSS expressions produced by Nokogiri 2015-12-31 15:46:47 +01:00
redactor_spec.rb Fix Markdown styling inside reference links 2016-11-01 09:49:30 +00:00
renderer_spec.rb Add markdown cache columns to the database, but don't use them yet 2016-10-07 02:54:25 +01:00