Commit graph

4 commits

Author SHA1 Message Date
Timothée Alby
89f31d71e3 Merge pull request #1603 from sharelatex/spd-admin-panel-buttons-not-working
Don't use multipart/form-data for admin panel buttons

GitOrigin-RevId: 97c265a1c0addbddf5628d5e0c70fedb38bda75d
2019-03-11 11:07:45 +00:00
Shane Kilkelly
7f7b10aa09 Sanitize display of system messages.
When showing system-messages, use default Angular sanitizer, also,
on the admin panel itself, show the verbatim text of the message.

This solves a mild Stored-XSS vulnerability whereby a user could
put `<script>` tags in a message. We don't want that, but we do want
to be able to use basic html tags.
2018-08-22 10:15:50 +01:00
Shane Kilkelly
b0dd7475b0 fix pug syntax 2017-01-31 14:57:22 +00:00
Shane Kilkelly
57cd54bf55 WIP: migrate from jade to pug 2017-01-20 12:03:02 +00:00
Renamed from services/web/app/views/admin/index.jade (Browse further)