mirror of https://github.com/zulip/zulip.git
3bdc8bbaa5
This fixes a set of XSS issues with Zulip's frontend markdown processor, which is used in a limited set of contexts, such as local echo of messages and the drafts feature. The implementation of several syntax elements, including the <em> syntax, user and stream mentions, and some others failed to properly escape the content inside the syntax. Fix this, and add tests for each corrected code path. Thanks to w2w for reporting this issue. |
||
|---|---|---|
| .. | ||
| casper_lib | ||
| casper_tests | ||
| node_tests | ||
| zjsunit | ||
| .eslintrc.json | ||
| run-casper | ||