BookStack/app/Http
Dan Brown 349162ea13
Prevented possible XSS via link attachments
This filters out potentially malicious javascript: or data: URIs coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on Twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
Controllers Prevented possible XSS via link attachments 2020-10-31 15:01:52 +00:00
Middleware Updated locale lists for Bulgarian 2020-09-19 15:36:17 +01:00
Requests Change application namespace to BookStack 2015-09-10 19:31:09 +01:00
Kernel.php Removed throttling from web-end requests 2020-04-11 20:02:07 +01:00
Request.php Ran phpcbf and updated helpers typehinting 2019-09-15 18:29:51 +01:00