mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-14 20:40:17 -05:00
7f7b10aa09
When showing system-messages, use default Angular sanitizer, also, on the admin panel itself, show the verbatim text of the message. This solves a mild Stored-XSS vulnerability whereby a user could put `<script>` tags in a message. We don't want that, but we do want to be able to use basic html tags. |
||
---|---|---|
.. | ||
index.pug | ||
register.pug |