Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/static
History
Anders Kaseorg 8459185970 lightbox: Confine embedded video players to a unique origin. 
This fixes a cross-site scripting vulnerability in the upcoming Inline
URL Previews feature found by Graham Bleaney and Ibrahim Mohamed using
Pysa.

This commit doesn't get a CVE because the bug was present in a code
path introduced in the 2.1.x development branch, so it doesn't impact
any Zulip release.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
 		2019-12-12 15:23:15 -08:00
..
assets styles: Finish removing manual antialiasing configuration. 2019-08-30 14:51:52 -07:00
audio notifications: Add a setting for changing the notification sound. 2018-12-09 21:25:30 -08:00
generated
html 5xx.html: Build with webpack. 2019-10-28 15:53:15 -07:00
images integrations: Add Gitea integration. 2019-11-18 11:55:24 -08:00
js lightbox: Confine embedded video players to a unique origin. 2019-12-12 15:23:15 -08:00
shared js: Automatically convert var to let and const in most files. 2019-11-03 12:42:39 -08:00
styles auth: Merge RemoteUserBackend into external_authentication_methods. 2019-12-10 20:16:21 +01:00
templates bots: Render bot owner name in bots settings as link to show owner profile. 2019-12-06 12:00:07 -08:00
third minor: Fix accidental global variable leak in marked. 2019-12-09 16:13:02 -08:00
.gitignore generate-custom-icon-webfont: Replace with webpack webfonts-loader. 2019-07-18 12:00:00 -07:00
favicon.ico