Commit graph

27 commits

Author SHA1 Message Date
Régis Hanol
a9342dbf92 SECURITY: fix XSS in link's href 2014-07-15 16:11:37 +02:00
Robin Ward
1886ffaff2 FIX: Work with phpBB import style links with ellipsis 2014-07-14 14:27:17 -04:00
Robin Ward
fc1ce96dbb FIX: Change the approach to sanitization. Includes a more detailed API
for allowing classes and attributes for only certain tag names.
2014-07-03 16:55:36 -04:00
Robin Ward
9c48f8f154 FIX: Don't surround <aside> with <p> as that is malformed HTML. 2014-06-30 18:11:22 -04:00
Robin Ward
a7ad7f6a45 Remove some obscure HTML tags from sanitization 2014-06-24 11:03:45 -04:00
Robin Ward
ff55a30dd7 FIX: <pre> blocks were adding too many new lines. 2014-06-23 15:21:07 -04:00
Robin Ward
c6b92f0ef7 FIX: Support for nested bold/italics in MD 2014-06-09 17:46:36 -04:00
Robin Ward
f51cbc8952 FIX: @mentions should not be processed within links 2014-05-06 17:48:30 -04:00
Robin Ward
ba683bc611 FIX: XSS in markdown converter. 2014-04-28 14:44:15 -04:00
Robin Ward
ed6e2b1d79 Remove Zalgo API from Discourse.Mention:
http://blog.izs.me/post/59142742143/designing-apis-for-asynchrony -
Thanks @riking for finding it.
2014-04-14 16:51:18 -04:00
Régis Hanol
e663d78104 SECURITY: sanitize markdown urls (prevent XSS) 2014-03-27 15:34:35 +01:00
Robin Ward
7716d940a0 BUGFIX: Allow links to images with absolute URLs as well as parens 2014-02-20 15:24:03 -05:00
Robin Ward
af5254d3b4 FIX: Remove canvas tag. 2014-02-05 12:22:36 -05:00
Robin Ward
8adb08a9ca FIX: Don't allow <button> in posts either. 2014-02-04 16:29:00 -05:00
Robin Ward
abffcd9f94 FIX: Blacklist <textarea> 2014-02-04 12:48:33 -05:00
Vikhyat Korrapati
fad88c6cf3 Fix sanitization of smileys like <_< and <3. 2014-01-26 18:38:47 +05:30
Robin Ward
e2c361f353 FIX: Indented code blocks followed by <blockquote> weren't working. 2014-01-21 16:18:20 -05:00
Robin Ward
a502266c42 Enable JSHINT's unused option. It caught a bunch of suspicious stuff which is fixed in this commit. 2013-12-30 13:30:22 -05:00
Robin Ward
a7a7387da1 Automatically convert some quotes to blockquotes 2013-12-13 15:31:25 -05:00
Neil Lalonde
ed3d3ae1e1 Upgrade font-awesome to version 4 2013-12-11 10:31:09 -05:00
Robin Ward
0ece195723 Blacklist <center> 2013-12-04 11:43:20 -05:00
Régis Hanol
9b6538832d whitelist google.com/maps iframes 2013-11-29 18:08:53 +01:00
Robin Ward
0bab3f9b4e Revert "Revert "FIX: Markdown bug", breaks build"
This reverts commit 08ad5d479e.
2013-11-20 11:53:06 -05:00
Sam
08ad5d479e Revert "FIX: Markdown bug", breaks build
This reverts commit 4a32cddf80.
2013-11-20 10:41:21 +11:00
Robin Ward
4a32cddf80 FIX: Markdown bug 2013-11-19 16:23:04 -05:00
Robin Ward
b8e63719f8 FIX: Don't autolink within a markdown link. 2013-11-04 14:24:40 -05:00
Robin Ward
9adcd1579d Renamed components to lib in the JS project, as Ember has components and they mean something different. 2013-10-24 12:36:46 -04:00
Renamed from test/javascripts/components/markdown_test.js