webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-08-05 00:42:14 +03:00
Code Activity
5,116 Commits 14 Branches 213 Tags
development
Commit Graph

55 Commits

Author SHA1 Message Date
Dan Brown
040997fdc4 Added filter for xlink:href svg xss 
Simply remove all such attributes
 2021-09-03 22:34:49 +01:00
Dan Brown
5e6092aaf8 Added extra HTML filtering of dangerous content 
In particular, That around the casing of dangerous values within
attributes. This uses some xpath translation to handle different casing
in contains searching.
 2021-09-02 22:02:30 +01:00
Dan Brown
934a833818 Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Dan Brown
b5caaa73b7 Fixed content parsing break with line html comment 
Fixes issues thrown in custom HMTL head & page content filtering when
the content is comprised of only a single HTML comment.
Adds tests to cover.

For #2804
 2021-06-13 12:53:04 +01:00
Dan Brown
43b6633183 Filtered scripts in custom HTML head for exports 
Since it appeared to cause problems in some scenarios.
Related to #2490
 2021-05-03 23:59:52 +01:00