Dan Brown
7cc17934a8
Made MD editor display a sandboxed iframe
- Also added escaping of srcdoc elements in escape logic.
Related to #1531
2019-08-26 12:16:50 +01:00
Dan Brown
2955f414dd
Added iframe JS and data url escaping
Related to #1531
2019-08-06 21:08:24 +01:00
Dan Brown
c732970f6e
Hardened page content script escaping
Increased range of tests to cover.
Fixes #1531
2019-07-10 20:17:22 +01:00
Dan Brown
ad542f0407
Prevented potential inline JS event usage
- Removes 'on*' attributes from elements.
- Also updated script logic to remove scripts instead of escaping.
- All JS injection removal now uses DomDocument + xpath parsing.
2019-05-05 13:53:37 +01:00
Dan Brown
2bb06463d5
Added deeper content id de-duplication
Closes #1393
2019-04-21 12:22:41 +01:00
Dan Brown
0bc5ccba32
Add revision restore confirm and changed HTTP method
Closes #1321
2019-04-20 13:25:16 +01:00
Dan Brown
6c66a8935a
Added test to check page HTML id de-duplication
Relates to #1393
2019-04-20 13:01:56 +01:00
Dan Brown
c380c10d54
Prevented bad duplicate IDs causing major exception
Related to #1393
2019-04-15 21:20:32 +01:00
Dan Brown
0e0a17cc30
Prevented page text content includes
Avoids possible permission issues where included content is shown in search or preview
where the user would not normally have permission to view the included content.
Closes #1178
2019-01-05 17:18:40 +00:00
Dan Brown
85f330c79a
Extracted many page-specific repo methods into page-specific repo
2018-10-13 11:27:55 +01:00
Dan Brown
919660678b
Re-structured the app code to be feature based rather than code type based
2018-09-25 12:30:50 +01:00
Dan Brown
1ad6fe1cbd
Added togglable script escaping to page content
Configurable via 'ALLOW_CONTENT_SCRIPTS' env variable.
Fixes #575
2018-03-17 15:52:42 +00:00
Dan Brown
359b1b40a2
Fixed broken table/ol/ul page includes
Fixes #640
2017-12-30 15:50:33 +00:00
Dan Brown
74a5e3113e
Fixed page includes erroring on save
Closes #514
2017-09-20 21:03:40 +01:00
Dan Brown
cc0ce7c630
Fixed bug preventing page revision restore
Added regression tests to cover.
Fixes #341
2017-03-23 22:19:14 +00:00
Dan Brown
387047f262
Fixed inaccessible revisions, added regression tests
Fixes #309
2017-02-25 12:29:01 +00:00
Dan Brown
33a2999a57
Namespaced tests to align with new Laravel default
2017-02-04 11:58:42 +00:00
Dan Brown
6669998c10
Upgraded to Laravel 5.4
2017-01-25 19:35:40 +00:00
Dan Brown
2d4034f3b7
Added transclusion tests and fixed other tests
2017-01-21 16:16:27 +00:00