zulip/web
Anders Kaseorg 3ca131743b CVE-2023-33186: Fix topic tooltip cross-site scripting vulnerability.
Commit 903dbda79b (#25370) introduced a
cross-site scripting vulnerability in the tooltips for the stream and
topic in the recipient bar.  An attacker who can send messages could
maliciously craft a topic for the message, such that a victim who
hovers the tooltip for that topic in their message feed triggers
execution of JavaScript code controlled by the attacker.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-29 16:35:49 -07:00
e2e-tests settings: Close date-picker when settings modal is closed. 2023-05-23 17:01:00 -07:00
generated
html
images compose: Add DM icon to the recipient dropdown. 2023-04-27 17:04:19 -07:00
shared shared: Avoid replaceAll again. 2023-05-25 22:39:12 -07:00
src CVE-2023-33186: Fix topic tooltip cross-site scripting vulnerability. 2023-05-29 16:35:49 -07:00
styles alerts: Fix vertical alignment of "x" button. 2023-05-29 14:49:32 -07:00
templates CVE-2023-33186: Fix topic tooltip cross-site scripting vulnerability. 2023-05-29 16:35:49 -07:00
tests popovers: Fix popovers not being hidden on scrolling. 2023-05-27 08:04:45 -07:00
third css: Scroll on `html` instead of `.app`. 2023-05-24 15:43:19 -07:00
.browserslistrc webpack: Move webpack configuration to web. 2023-02-24 06:35:58 -08:00
.gitignore
babel.config.js dependencies: Upgrade JavaScript dependencies. 2023-04-25 22:18:48 -07:00
debug-require-webpack-plugin.ts
debug-require.js
postcss.config.js postcss: Enable postcss-preset-env. 2023-03-20 11:26:30 -07:00
webpack.assets.json webpack: Move webpack configuration to web. 2023-02-24 06:35:58 -08:00
webpack.config.ts static: Add Timing-Allow-Origin: * to allow sentry data timing. 2023-05-09 13:16:28 -07:00
webpack.dev-assets.json webpack: Move webpack configuration to web. 2023-02-24 06:35:58 -08:00