Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/static/third
History
Rohitt Vashishtha 3bdc8bbaa5 CVE-2018-9986: Fix XSS issues with frontend markdown processor. 
This fixes a set of XSS issues with Zulip's frontend markdown
processor, which is used in a limited set of contexts, such as local
echo of messages and the drafts feature.

The implementation of several syntax elements, including the <em>
syntax, user and stream mentions, and some others failed to properly
escape the content inside the syntax.

Fix this, and add tests for each corrected code path.

Thanks to w2w for reporting this issue.
 		2018-04-12 09:46:37 -07:00
..
bootstrap bootstrap: Patch bootstrap.js to support contenteditable. 2017-11-10 14:14:03 -08:00
bootstrap-notify Give Feedback in non-obvious cases for sent messages 2013-11-01 12:34:39 -04:00
fontawesome Update Font Awesome to version 4.7.0. 2017-02-06 22:45:02 -08:00
handlebars deps: Upgrade and move `handlebars` from `static/third` to `npm`. 2017-03-04 21:49:02 -08:00
html5-formdata
jquery-autosize [third] Fix copyright for jquery.autosize.js 2013-09-06 10:58:48 -04:00
jquery-caret [third] Replace jquery-caret with newer implementation. 2016-06-14 16:36:51 -07:00
jquery-filedrop upload: Make filedrop error handling more consistent. 2018-01-29 16:06:11 -08:00
jquery-form Change from deprecated $.parseJSON to JSON.parse. 2017-07-27 14:16:57 -07:00
jquery-idle Refactor to delete mousewheel.js. 2017-07-03 11:04:20 -04:00
jquery-throttle-debounce
katex Revert "katex: Update the `require` path to point to the new one." 2018-01-23 12:30:28 -08:00
lazyload Update with proper LF line-endings. 2016-10-17 20:19:55 -07:00
marked CVE-2018-9986: Fix XSS issues with frontend markdown processor. 2018-04-12 09:46:37 -07:00
sockjs Revert "update-sockjs: Update sockjs from version 0.3.4 to 1.1.1." 2017-01-10 11:46:15 -08:00
sorttable
sourcesans third: Update version of Source Sans Pro font. 2017-08-28 16:08:30 -07:00
spectrum Patch spectrum.js for jQuery 3 compatibility. 2017-07-02 07:59:24 -04:00
zocial Zocial buttons: Fix overflow of text when internationalized. 2016-10-16 12:35:43 -07:00
thirdparty-fonts.css font-awesome: Fix font-awesome 4.7.0 upgrade in a hacky way. 2017-03-25 18:30:40 -07:00