zulip

Commit Graph

Author	SHA1	Message	Date
Tim Abbott	a2767e8c50	CVE-2020-14194: Use noopener/noreferrer for external links. We fixed the main issue of this form in CVE-2020-9444, but the audit done at that time only included links found in rendered_markdown; this change completes our audit for links with target=_blank anywhere in the codebase.	2020-06-16 23:35:39 -07:00
Thomas Ip	cbae51db63	settings: Move API key form into its own modal. The modal is rendered dynamically to avoid password managers inserting passwords into the input field too aggressively. Fixes #12523.	2019-08-14 10:50:45 -07:00

Author

SHA1

Message

Date

Tim Abbott

a2767e8c50

CVE-2020-14194: Use noopener/noreferrer for external links.

We fixed the main issue of this form in CVE-2020-9444, but the audit
done at that time only included links found in rendered_markdown; this
change completes our audit for links with target=_blank anywhere in
the codebase.

2020-06-16 23:35:39 -07:00

Thomas Ip

cbae51db63

settings: Move API key form into its own modal.

The modal is rendered dynamically to avoid password managers
inserting passwords into the input field too aggressively.

Fixes #12523.

2019-08-14 10:50:45 -07:00

2 Commits