gitlab-org--gitlab-foss/lib/banzai/filter
Douwe Maan a14ee68fe4
Merge branch 'markdown-xss-fix-option-2.1' into 'security'
Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-11-09 12:26:44 +01:00
wiki_link_filter Fix URLs with anchors in wiki 2016-09-13 23:53:40 -07:00
abstract_reference_filter.rb Fix Markdown styling inside reference links 2016-11-01 09:49:30 +00:00
autolink_filter.rb Merge branch 'markdown-xss-fix-option-2.1' into 'security' 2016-11-09 12:26:44 +01:00
blockquote_fence_filter.rb
commit_range_reference_filter.rb Use JavaScript tooltips for mentions (!5301) 2016-09-01 01:21:34 +02:00
commit_reference_filter.rb Use JavaScript tooltips for mentions (!5301) 2016-09-01 01:21:34 +02:00
emoji_filter.rb Convert UTF-8 Emoji to Gitlab emoji 2016-10-13 13:18:30 +02:00
external_issue_reference_filter.rb Fix Markdown styling inside reference links 2016-11-01 09:49:30 +00:00
external_link_filter.rb Add Nofollow for uppercased scheme in external url 2016-10-18 13:54:02 +01:00
gollum_tags_filter.rb
html_entity_filter.rb fix: commit messages being double-escaped in activities tab 2016-10-18 05:06:02 -07:00
image_link_filter.rb
inline_diff_filter.rb
issue_reference_filter.rb Prevent wrong markdown on issue ids when project has Jira service activated 2016-10-19 13:46:04 -02:00
label_reference_filter.rb Pass user instance to Labels::FindOrCreateService or skip_authorization: true 2016-10-28 11:31:45 +02:00
markdown_filter.rb Fix methods visibility in markdown filter class 2016-07-19 15:12:15 +02:00
merge_request_reference_filter.rb
milestone_reference_filter.rb Use JavaScript tooltips for mentions (!5301) 2016-09-01 01:21:34 +02:00
redactor_filter.rb
reference_filter.rb Fix Markdown styling inside reference links 2016-11-01 09:49:30 +00:00
relative_link_filter.rb Escape ref and path for relative links (!6050) 2016-10-24 22:18:34 +02:00
sanitization_filter.rb Adds v-pre to code blocks in comments 2016-10-04 14:06:44 +01:00
set_direction_filter.rb Add RTL support to markdown renderer 2016-10-16 17:47:48 +03:30
snippet_reference_filter.rb
syntax_highlight_filter.rb Removed puts code 🙈 2016-10-04 14:28:57 +01:00
table_of_contents_filter.rb
task_list_filter.rb Replace talk_list patch with a patched fork 2016-09-30 16:38:02 -05:00
upload_link_filter.rb
user_reference_filter.rb Fix Markdown styling inside reference links 2016-11-01 09:49:30 +00:00
video_link_filter.rb Enable Style/EmptyLinesAroundClassBody cop 2016-08-06 03:52:24 +02:00
wiki_link_filter.rb
yaml_front_matter_filter.rb