zulip/static/third
Anders Kaseorg 46e562f990 bootstrap: Change tooltip html default to false.
Bootstrap v2.2.0^2~40^2~6 changes this default to false, so this is a
prerequisite to upgrading Bootstrap, and it’s also safer.

This closes an HTML injection path via user full names in the emoji
reaction tooltip.  It doesn’t appear to be exploitable for cross-site
scripting because we disallow `>` in full names, and the code happens
to be written such that the next `>` is in a different parser
invocation.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-19 20:53:10 -07:00
bootstrap bootstrap: Change tooltip html default to false. 2019-09-19 20:53:10 -07:00
bootstrap-notify
bootstrap-typeahead typeahead: Move tip text to bottom. 2019-09-17 13:09:03 -07:00
jquery-filedrop admin_settings: Change maxfilesize to max_file_upload_size. 2019-05-03 17:36:09 -07:00
jquery-idle Refactor to delete mousewheel.js. 2017-07-03 11:04:20 -04:00
marked markdown: Render ordered lists using <ol> markup. 2019-09-08 16:42:20 -07:00
sockjs Revert "update-sockjs: Update sockjs from version 0.3.4 to 1.1.1." 2017-01-10 11:46:15 -08:00