Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>

| | | |
|---|---|---|
| .. | ||
| filter | ||
| pipeline | ||
| reference_parser | ||
| cross_project_reference.rb | ||
| filter.rb | ||
| filter_array.rb | ||
| note_renderer.rb | ||
| object_renderer.rb | ||
| pipeline.rb | ||
| querying.rb | ||
| redactor.rb | ||
| reference_extractor.rb | ||
| reference_parser.rb | ||
| renderer.rb | ||