nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/app/assets/javascripts
History
Jonne Haß ecb1b80e24 Render flash message content with .text 
.html does not escape any html input in these, leading to XSS
attack vectors.

Thanks to A Kai (@sixhundredns) for reporting the related issues.
2014-05-24 16:08:32 +02:00
..
app Changed and renamed database columns 2014-05-15 07:23:44 -04:00
helpers clear locale on each spec run, fix indentation 2014-02-23 17:13:01 +01:00
pages fix timeago 2014-01-29 03:24:10 +01:00
widgets Render flash message content with .text 2014-05-24 16:08:32 +02:00
aspect-edit-pane.js Fix aspect renaming after a regression caused by jquery upgrade, close #4822 2014-03-06 00:04:48 +01:00
aspects-dropdown.js WIP backbone-ify publisher, get rid of weird old POJsO 2012-09-16 14:35:59 +02:00
bootstrap-scrollspy-custom.js add our changes back to bootstrap custom 2012-05-30 16:58:21 -07:00
browser_detection.js add browser detection 2014-02-23 16:48:47 +01:00
clear-form.js Fix Jasmine tests - first pass 2012-03-27 18:08:27 -07:00
contact-edit.js [WIP] aspect membership dropdown Backbone.js rework 2013-02-17 13:40:10 +01:00
contact-list.js #live is no longer supported, use on instead 2014-02-23 16:48:46 +01:00
diaspora.js re-add hovercards 2012-12-28 22:37:13 +01:00
finder.js
friend-finder.js
home.js close issues #4017 and 4107 by including jquery.textchange 2013-04-09 16:21:19 -03:00
ie.js
inbox.js #live is no longer supported, use on instead 2014-02-23 16:48:46 +01:00
jasmine-load-all.js Locator feature 2013-05-02 17:31:53 -05:00
login.js
mailchimp.js
main.js add browser detection 2014-02-23 16:48:47 +01:00
mentions.js update jquery.mentionsInput to latest version 2012-07-10 20:37:57 +02:00
mobile.js #live is no longer supported, use on instead 2014-02-23 16:48:46 +01:00
osmlocator.js Locator feature 2013-05-02 17:31:53 -05:00
people.js move ui feedback into success callback 2013-09-04 14:47:28 +02:00
photo-show.js
photos.js
profile.js Adding ignore user icon 2013-09-04 14:47:23 +02:00
templates.js
validation.js DG RY; mostly done, validations pending [ci skip] 2012-05-04 17:38:07 -07:00
view.js #live is no longer supported, use on instead 2014-02-23 16:48:46 +01:00