Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity
349162ea13
BookStack/tests/Uploads
History
Dan Brown 349162ea13
Prevented possible XSS via link attachments 
This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
..
AttachmentTest.php Prevented possible XSS via link attachments 2020-10-31 15:01:52 +00:00
AvatarTest.php Added testing for avatar fetching systems & config 2018-12-23 15:34:38 +00:00
DrawioTest.php Updated draw.io references to diagrams.net 2020-09-28 20:45:38 +01:00
ImageTest.php Fixed issue where URL params in image names would cause loading failure 2020-07-25 11:18:40 +01:00
UsesImages.php Fixed issue where URL params in image names would cause loading failure 2020-07-25 11:18:40 +01:00