mirror of https://github.com/zulip/zulip.git
65b9d9e0f3
Zulip's search typeahead had a security bug, where when autocompleting a specially crafted stream name, and then hitting space, code within the stream name would be executed. Zulip was doing HTML escaping correctly in the main code path using Filter.describe to describe a narrow, but the escaping function was not called in a few parallel code paths. We fix this in a way that should protect all of these code paths, by making Filter.describe return properly escaped HTML, rather than depending on its callers to do so. Thanks to w2w for reporting this issue.
casper_lib
casper_tests
node_tests
zjsunit
.eslintrc.json
run-casper