gitlab-org--gitlab-foss

History

Douwe Maan a14ee68fe4 Merge branch 'markdown-xss-fix-option-2.1' into 'security' Fix for HackerOne XSS vulnerability in markdown This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153 See merge request !2015 Signed-off-by: Rémy Coutable <remy@rymai.me>		2016-11-09 12:26:44 +01:00
..
filter	Merge branch 'markdown-xss-fix-option-2.1' into 'security'	2016-11-09 12:26:44 +01:00
pipeline	Add RTL support to markdown renderer	2016-10-16 17:47:48 +03:30
reference_parser	Merge branch 'issue_23548_dev' into 'master'	2016-11-09 12:25:17 +01:00
cross_project_reference.rb
filter.rb	Remove redundant `require`s from Banzai files	2016-03-24 13:23:47 -04:00
filter_array.rb	Add FilterArray class to Banzai	2016-03-01 15:54:35 -05:00
note_renderer.rb	Use CacheMarkdownField for notes	2016-10-07 02:54:26 +01:00
object_renderer.rb	Use CacheMarkdownField for notes	2016-10-07 02:54:26 +01:00
pipeline.rb
querying.rb
redactor.rb	Fix Markdown styling inside reference links	2016-11-01 09:49:30 +00:00
reference_extractor.rb	Retrieve rendered HTML from cache in one request	2016-07-21 21:17:25 +02:00
reference_parser.rb	Split Markdown rendering & reference gathering	2016-05-26 17:14:00 +02:00
renderer.rb	Split out markdown cache storage into a separate method	2016-11-04 04:00:14 +00:00