hedgedoc/lib
David Mehren f552b14e11
Sanitize username and photo URL
HedgeDoc displays the username and user photo at various places
by rendering the respective variables into an `ejs` template.
As the values are user-provided or generated from user-provided data,
it may be possible to inject unwanted HTML.

This commit sanitizes the username and photo URL by passing them
through the `xss` library.

Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 19:28:44 +02:00
config Automatically enable protocolUseSSL when useSSL is set 2021-05-06 21:19:14 +02:00
migrations
models Sanitize username and photo URL 2021-05-09 19:28:44 +02:00
ot
web ImageRouterImgur: Replace imgur library with note-fetch request 2021-04-22 21:23:27 +02:00
workers
csp.js Fix upgradeInsecureRequests CSP directive 2021-05-04 11:10:53 +02:00
errors.js Check for existing notes on POST and don't override them 2021-03-29 23:00:34 +02:00
history.js
letter-avatars.js
logger.js
prometheus.js Add custom prometheus metrics 2021-04-25 20:06:56 +02:00
realtime.js
response.js Replace request library with node-fetch 2021-03-12 22:27:49 +01:00
utils.js