overleaf

mirror of https://github.com/overleaf/overleaf.git synced 2024-09-16 02:52:31 -04:00

History

Shane Kilkelly 7f7b10aa09 Sanitize display of system messages. When showing system-messages, use default Angular sanitizer, also, on the admin panel itself, show the verbatim text of the message. This solves a mild Stored-XSS vulnerability whereby a user could put `<script>` tags in a message. We don't want that, but we do want to be able to use basic html tags.	2018-08-22 10:15:50 +01:00
..
web	Sanitize display of system messages.	2018-08-22 10:15:50 +01:00

Shane Kilkelly 7f7b10aa09 Sanitize display of system messages.

When showing system-messages, use default Angular sanitizer, also,
on the admin panel itself, show the verbatim text of the message.

This solves a mild Stored-XSS vulnerability whereby a user could
put `<script>` tags in a message. We don't want that, but we do want
to be able to use basic html tags.

2018-08-22 10:15:50 +01:00

web

Sanitize display of system messages.

2018-08-22 10:15:50 +01:00