hedgedoc

mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-09-19 23:48:57 -04:00

History

David Mehren f552b14e11 Sanitize username and photo URL HedgeDoc displays the username and user photo at various places by rendering the respective variables into an `ejs` template. As the values are user-provided or generated from user-provided data, it may be possible to inject unwanted HTML. This commit sanitizes the username and photo URL by passing them through the `xss` library. Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com> Signed-off-by: David Mehren <git@herrmehren.de>		2021-05-09 19:28:44 +02:00
..
config	Automatically enable protocolUseSSL when useSSL is set	2021-05-06 21:19:14 +02:00
migrations	Add missing catch	2020-12-02 19:39:06 +01:00
models	Sanitize username and photo URL	2021-05-09 19:28:44 +02:00
ot	Fix logging in ot module	2018-11-13 23:30:13 +01:00
web	ImageRouterImgur: Replace imgur library with note-fetch request	2021-04-22 21:23:27 +02:00
workers	Linter: Fix all lint errors	2021-02-15 12:15:14 +01:00
csp.js	Fix upgradeInsecureRequests CSP directive	2021-05-04 11:10:53 +02:00
errors.js	Check for existing notes on POST and dont override them	2021-03-29 23:00:34 +02:00
history.js	Linter: Fix all lint errors	2021-02-15 12:15:14 +01:00
letter-avatars.js	Linter: Fix all lint errors	2021-02-15 12:15:14 +01:00
logger.js	Fix eslint warnings	2019-05-31 00:30:29 +02:00
prometheus.js	Add custom prometheus metrics	2021-04-25 20:06:56 +02:00
realtime.js	Linter: Fix all lint errors	2021-02-15 12:15:14 +01:00
response.js	Replace request library with node-fetch	2021-03-12 22:27:49 +01:00
utils.js	Linter: Fix all lint errors	2021-02-15 12:15:14 +01:00