gitlab-org--gitlab-foss/lib
Douwe Maan a14ee68fe4
Merge branch 'markdown-xss-fix-option-2.1' into 'security'
Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-11-09 12:26:44 +01:00
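The commit message above describes the fix as allowlisting what gets autolinked: dangerous schemes and invalid URIs stay in the text but are never turned into links. As an added example (this is not GitLab's Banzai filter, whose code this page does not show), the Ruby below implements that policy in miniature. The `SAFE_SCHEMES` list, the `URL_TOKEN` pattern, and the `safe_url?` / `autolink` helpers are assumptions for illustration.

```ruby
require 'uri'
require 'cgi'

# Added example, not GitLab's Banzai autolink filter: a minimal
# allowlist-based autolinker. Only tokens whose scheme is listed get an
# <a> tag; dangerous schemes (javascript:, data:, vbscript:) and strings
# that do not parse as a URI are left in the text exactly as written.
SAFE_SCHEMES = %w[http https ftp].freeze

# Candidate token: scheme characters, ':', then anything up to whitespace
# or an angle bracket. The text is HTML-escaped before this runs, so a raw
# '<' or '>' can never appear inside a token.
URL_TOKEN = /\b[A-Za-z][A-Za-z0-9+.\-]*:[^\s<>]+/

# True only for a syntactically valid URI with an allowlisted scheme and a
# non-empty host. A parse failure counts as "not a link", never as an error.
def safe_url?(candidate)
  uri = URI.parse(candidate)
  return false if uri.scheme.nil? || !SAFE_SCHEMES.include?(uri.scheme.downcase)

  !uri.host.nil? && !uri.host.empty?
rescue URI::InvalidURIError
  false
end

# Escape first so all non-link text is inert, then wrap only the safe
# tokens. The already-escaped token is reused as both href and link text;
# anything rejected by safe_url? is returned unchanged (intact, not linked).
def autolink(text)
  CGI.escapeHTML(text).gsub(URL_TOKEN) do |token|
    safe_url?(token) ? %(<a href="#{token}">#{token}</a>) : token
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs covering a safe link, two dangerous schemes,
  # an invalid URI and inline markup that must be neutralised.
  [
    'see https://example.com/path?a=1 now',
    'click javascript:alert(1) here',
    'payload data:text/html;base64,PHNjcmlwdD4= is text',
    'broken http://[::1 stays plain',
    'mixed <b>x</b> and https://gitlab.com'
  ].each { |line| puts autolink(line) }
end
```

The scheme comparison is case-insensitive so `JAVASCRIPT:` is rejected as firmly as `javascript:`, and the host check rejects `http://` with nothing after it; in a real filter the same allowlist would also govern `href` values that the author typed explicitly, not only autolinked text.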
api Merge branch 'fix-systemhook-api' into 'master' 2016-11-08 10:02:48 +00:00
assets
backup Backups do not fail anymore when using tar on annex and custom_hooks 2016-10-27 11:24:35 +01:00
banzai Merge branch 'markdown-xss-fix-option-2.1' into 'security' 2016-11-09 12:26:44 +01:00
ci Add logical validation to gitlab-ci.yml 2016-10-18 12:22:51 +02:00
constraints Add small improvements to constrainers and specs 2016-11-08 14:32:42 +02:00
container_registry Make rubocop happy 2016-07-15 18:05:39 +02:00
generators/rails/post_deployment_migration require rails/generators for generators 2016-11-01 21:44:27 +01:00
gitlab Merge branch 'faster_project_search' into 'master' 2016-11-08 15:29:56 +00:00
json_web_token
omni_auth
rouge/formatters Trim extra displayed carriage returns in diffs and files with CRLFs 2016-08-01 13:24:06 +02:00
support Revert "Defend against 'Host' header injection" 2016-08-08 13:02:44 +02:00
tasks Remove unused `gitlab:generate_docs` Rake task 2016-11-03 17:25:58 +00:00
banzai.rb Add markdown cache columns to the database, but don't use them yet 2016-10-07 02:54:25 +01:00
disable_email_interceptor.rb Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
event_filter.rb Differentiate the expire from leave event 2016-10-20 00:26:45 +00:00
expand_variables.rb Update support for dynamic environments 2016-09-19 10:07:13 +02:00
extracts_path.rb Remove 'extended_sha1' option from ExtractsPath module 2016-11-06 12:33:39 +09:00
file_size_validator.rb
file_streamer.rb
gitlab.rb Update `Gitlab.com?` to support staging 2016-06-27 15:10:36 -04:00
gt_one_coercion.rb
repository_cache.rb Use project ID in repository cache to prevent stale data from persisting across projects 2016-07-25 05:09:28 -07:00
static_model.rb
unfold_form.rb
uploaded_file.rb Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
version_check.rb