Commit graph

25 commits

Author SHA1 Message Date
Sam
fbbd4999b6 FIX: remove invalid hack, correct whitelist to use value returned from callback 2014-07-25 12:16:00 +10:00
Robin Ward
43b997c1ce TRIVIAL: Santiize some extra attributes from images 2014-07-04 13:22:48 -04:00
Robin Ward
fc1ce96dbb FIX: Change the approach to sanitization. Includes a more detailed API
for allowing classes and attributes for only certain tag names.
2014-07-03 16:55:36 -04:00
Robin Ward
a7ad7f6a45 Remove some obscure HTML tags from sanitization 2014-06-24 11:03:45 -04:00
Robin Ward
a57ecef253 BUGFIX: Do not allow font tags. 2014-02-20 11:10:56 -05:00
Kane York
9f8f0f115c Restore 'article' to whitelist 2014-02-18 16:22:42 -08:00
Kane York
2e864f5ad7 Remove audio and video tags as well 2014-02-13 21:47:13 -08:00
Kane York
5b819f191a Removing more stuff from the sanitizer whitelist 2014-02-13 20:18:40 -08:00
Robin Ward
af5254d3b4 FIX: Remove canvas tag. 2014-02-05 12:22:36 -05:00
Robin Ward
8adb08a9ca FIX: Don't allow <button> in posts either. 2014-02-04 16:29:00 -05:00
Robin Ward
abffcd9f94 FIX: Blacklist <textarea> 2014-02-04 12:48:33 -05:00
Robin Ward
b90e811825 FIX: We don't need support for rows or cols in textarea. 2013-12-23 18:11:35 -05:00
Régis Hanol
06dd7ffe3c better revision history 2013-12-12 03:41:34 +01:00
Robin Ward
0ece195723 Blacklist <center> 2013-12-04 11:43:20 -05:00
Régis Hanol
9b6538832d whitelist google.com/maps iframes 2013-11-29 18:08:53 +01:00
Robin Ward
d9a16079a5 FIX: Do not allow users to create tables 2013-10-21 13:32:15 -04:00
Robin Ward
5281b7f80c Upgraded and refactored Sanitizing. Much less crap should get through now!
Conflicts:
	app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-15 10:53:11 -04:00
Robin Ward
af931f0444 Reverting the Sanitizer commit in case we have to do something urgent
before we deploy it early next week. It's in the branch `sanitizer` for
now.

This reverts commit 9e93d8ed52.
2013-10-11 16:44:26 -04:00
Robin Ward
9e93d8ed52 Upgraded and refactored Sanitizing. Much less crap should get through now!
Conflicts:
	app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-11 16:25:40 -04:00
Régis Hanol
ede9d2a0a8 show diff in post history view 2013-04-29 03:20:51 +02:00
Robin Ward
88267429c5 Remove fastclick for now -- we saw some regressions on iPad and want to make sure they weren't caused by
it.
2013-02-26 10:47:23 -05:00
Gosha Arinich
cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Sam Saffron
b9f3666f5a fast click instead of hacky double event binding 2013-02-25 11:11:46 +11:00
Robin Ward
f661fa609e Convert all CoffeeScript to Javascript. See:
http://meta.discourse.org/t/is-it-better-for-discourse-to-use-javascript-or-coffeescript/3153
2013-02-20 19:01:13 -05:00
Sam Saffron
0c085059c9 added sane sanitizer (Google Cajole) that is much more robust than old one ... yay for smilies
added sane way to do $LAB includes - pattern to be expanded
people keep on messing structure.sql
2013-02-20 16:11:56 +11:00