mirror of
https://github.com/overleaf/overleaf.git
synced 2025-02-15 22:11:28 +00:00
When showing system-messages, use default Angular sanitizer, also, on the admin panel itself, show the verbatim text of the message. This solves a mild Stored-XSS vulnerability whereby a user could put `<script>` tags in a message. We don't want that, but we do want to be able to use basic html tags.

| Name |
|---|
| analytics |
| components |
| directives |
| filters |
| ide |
| main |
| modules |
| services |
| utils |
| base.coffee |
| ide.coffee |
| libraries.coffee |
| main.coffee |