Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/tests/fixtures
History
Tim Abbott e3a4aeeffa CVE-2020-9445: Remove unused and insecure modal_link feature. 
Zulip's modal_link markdown feature has not been used since 2017; it
was a hack used for a 2013-era tutorial feature and was never used
outside that use case.

Unfortunately, it's sloppy implementation was exposed in the markdown
processor for all users, not just the tutorial use case.

More importantly, it was buggy, in that it did not validate the link
using the standard validation approach used by our other code
interacting with links.

The right solution is simply to remove it.
 		2020-04-01 14:01:45 -07:00
..
email email_mirror: Add send_to_email_mirror management command. 2019-01-09 10:36:16 -08:00
import_fixtures models: Migration of Message.pub_date to date_sent, part 2. 2019-10-05 19:01:34 -07:00
ldap tests: For ldap tests, give each ldap user a unique password. 2020-02-19 14:46:29 -08:00
mattermost_fixtures mattermost: Add support for exporting DMs and huddles. 2019-10-10 16:37:03 -07:00
saml auth: Add initial SAML authentication support. 2019-10-10 15:44:34 -07:00
slack_fixtures import: Support importing team icon from slack. 2020-02-03 14:09:05 -08:00
.gitignore
authors.json
config.generate_data.json
csp_report.json
docs_url_preview_data.json
duplicate_commits.json
gitter_data.json gitter import: Add basic tests. 2018-07-23 08:36:30 -07:00
markdown_test_cases.json CVE-2020-9445: Remove unused and insecure modal_link feature. 2020-04-01 14:01:45 -07:00
narrow.json topic -> subject: Extract get_topic_from_message_info(). 2018-11-14 23:24:06 -08:00
slack_message_conversion.json slack import: Add support for bold-italics formatting. 2018-06-02 09:01:55 -07:00
user_agents_unique