zulip/zerver
Anders Kaseorg 2d45308546 CVE-2020-10935: Fix XSS vulnerability in local link rewriting.
Make sure rewrite_local_links_to_relative does not accidentally change
the meaning of links.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-01 14:01:45 -07:00
data_import text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
lib CVE-2020-10935: Fix XSS vulnerability in local link rewriting. 2020-04-01 14:01:45 -07:00
management text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
migrations migrations: Refactor the enum type fields. 2020-03-27 00:21:21 -07:00
openapi openapi: Use response schema for describing simple success response. 2020-03-29 19:25:14 +05:30
templatetags openapi: Pass api_url to curl example generation. 2019-08-17 11:35:08 -07:00
tests CVE-2020-10935: Fix XSS vulnerability in local link rewriting. 2020-04-01 14:01:45 -07:00
tornado messages: Return shallow copy of message object. 2020-03-29 15:12:27 -07:00
views version: Move minimum desktop version configuration to version.py. 2020-04-01 13:23:08 -07:00
webhooks text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
worker emails: Added placeholders strings in FormAddress. 2020-03-27 16:41:02 -07:00
__init__.py
apps.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
context_processors.py decorators: Restructure get_client_name interface. 2020-03-08 14:19:50 -07:00
decorator.py rate_limit: Move functions called by external code to RateLimitedObject. 2020-03-22 18:42:35 -07:00
filters.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
forms.py rate_limit: Remove __str__ methods of RateLimitedObjects. 2020-03-22 18:42:35 -07:00
logging_handlers.py version: Only let `git describe` match tags beginning with a digit. 2019-10-24 14:54:45 -07:00
middleware.py middleware: Log <user.id>@subdomain instead of subdomain/<user.id>. 2020-03-24 10:25:01 -07:00
models.py text: Fix some typos (most of them found and fixed by codespell). 2020-03-27 17:25:56 -07:00
signals.py emails: Translate from_name of account security emails. 2020-02-18 17:45:33 -08:00