overleaf

mirror of https://github.com/overleaf/overleaf.git synced 2024-11-07 20:31:06 -05:00

History

Shane Kilkelly 7f7b10aa09 Sanitize display of system messages. When showing system-messages, use default Angular sanitizer, also, on the admin panel itself, show the verbatim text of the message. This solves a mild Stored-XSS vulnerability whereby a user could put `<script>` tags in a message. We don't want that, but we do want to be able to use basic html tags.	2018-08-22 10:15:50 +01:00
..
index.pug	Sanitize display of system messages.	2018-08-22 10:15:50 +01:00
register.pug	WIP: migrate from jade to pug	2017-01-20 12:03:02 +00:00

Shane Kilkelly 7f7b10aa09 Sanitize display of system messages.

When showing system-messages, use default Angular sanitizer, also,
on the admin panel itself, show the verbatim text of the message.

This solves a mild Stored-XSS vulnerability whereby a user could
put `<script>` tags in a message. We don't want that, but we do want
to be able to use basic html tags.

2018-08-22 10:15:50 +01:00

index.pug

Sanitize display of system messages.

2018-08-22 10:15:50 +01:00

WIP: migrate from jade to pug

2017-01-20 12:03:02 +00:00