nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/app/assets
History
Jonne Haß ecb1b80e24 Render flash message content with .text 
.html does not escape any html input in these, leading to XSS
attack vectors.

Thanks to A Kai (@sixhundredns) for reporting the related issues.
2014-05-24 16:08:32 +02:00
..
images It is now possible to report comments 2014-05-15 07:23:43 -04:00
javascripts Render flash message content with .text 2014-05-24 16:08:32 +02:00
stylesheets Do not try to render posts/comments which are not present 2014-05-16 09:48:14 -04:00
templates If you're able to remove the comment you shouldn't be able to report it 2014-05-15 07:23:44 -04:00