gitlab-org--gitlab-foss/spec/lib/banzai/filter
Douwe Maan a14ee68fe4
Merge branch 'markdown-xss-fix-option-2.1' into 'security'
Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-11-09 12:26:44 +01:00
abstract_link_filter_spec.rb Fix RangeError exceptions when referring to issues or merge requests outside of max database values 2016-06-18 13:07:38 -07:00
autolink_filter_spec.rb Merge branch 'markdown-xss-fix-option-2.1' into 'security' 2016-11-09 12:26:44 +01:00
blockquote_fence_filter_spec.rb Fix typo in spec 2016-07-10 14:59:36 -05:00
commit_range_reference_filter_spec.rb Use JavaScript tooltips for mentions (!5301) 2016-09-01 01:21:34 +02:00
commit_reference_filter_spec.rb Use JavaScript tooltips for mentions (!5301) 2016-09-01 01:21:34 +02:00
emoji_filter_spec.rb Convert UTF-8 Emoji to Gitlab emoji 2016-10-13 13:18:30 +02:00
external_issue_reference_filter_spec.rb Fix Markdown styling inside reference links 2016-11-01 09:49:30 +00:00
external_link_filter_spec.rb Add Nofollow for uppercased scheme in external url 2016-10-18 13:54:02 +01:00
gollum_tags_filter_spec.rb little refactor and improvements on specs 2016-04-06 20:09:15 -03:00
html_entity_filter_spec.rb fix: commit messages being double-escaped in activities tab 2016-10-18 05:06:02 -07:00
image_link_filter_spec.rb Wrap images in divs with Banzai and limit max-height. 2016-06-27 09:16:07 -06:00
inline_diff_filter_spec.rb Create DiffFilter and change SystemNoteService#change_title to use Gitlab::Diff::InlineDiff 2016-05-18 11:15:10 -05:00
issue_reference_filter_spec.rb Fix Markdown styling inside reference links 2016-11-01 09:49:30 +00:00
label_reference_filter_spec.rb Unfold references for group labels when moving issue to another project 2016-10-19 14:58:25 -02:00
merge_request_reference_filter_spec.rb Use JavaScript tooltips for mentions (!5301) 2016-09-01 01:21:34 +02:00
milestone_reference_filter_spec.rb Use JavaScript tooltips for mentions (!5301) 2016-09-01 01:21:34 +02:00
redactor_filter_spec.rb Merge branch 'issue_23548_dev' into 'master' 2016-11-09 12:25:17 +01:00
reference_filter_spec.rb Added ReferenceFilter#nodes 2016-06-02 12:30:18 +02:00
relative_link_filter_spec.rb Add failing test for #21420 2016-10-24 22:18:34 +02:00
sanitization_filter_spec.rb Use a case-insensitive comparison in sanitizing URI schemes 2016-05-09 12:47:53 -07:00
snippet_reference_filter_spec.rb Use JavaScript tooltips for mentions (!5301) 2016-09-01 01:21:34 +02:00
syntax_highlight_filter_spec.rb Fixed banzai test failures 2016-10-04 16:13:55 +01:00
table_of_contents_filter_spec.rb Remove magic comments from Ruby files (!5456) 2016-07-24 07:08:45 +02:00
upload_link_filter_spec.rb Remove magic comments from Ruby files (!5456) 2016-07-24 07:08:45 +02:00
user_reference_filter_spec.rb Fix Markdown styling inside reference links 2016-11-01 09:49:30 +00:00
video_link_filter_spec.rb Enable some Rubocop cops related to new lines 2016-08-03 12:02:41 +02:00
wiki_link_filter_spec.rb Fix bug in `WikiLinkFilter`. 2016-06-18 14:10:40 +05:30
yaml_front_matter_filter_spec.rb Add YamlFrontMatterFilter to the PreProcessPipeline 2016-03-04 18:05:48 -05:00