status-im
/
codimd
mirror of https://github.com/status-im/codimd.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,454 Commits 23 Branches 35 Tags 26 MiB
Commit Graph

20 Commits

Author SHA1 Message Date
Sheogorath 93b91163cd
Prevent XSS vul by srcdoc in iframe 2017-11-24 10:10:50 +01:00
Wu Cheng-Han 9b00afb863 Fix unclosed tags might cause XSS [Security Issue] 2017-09-27 18:20:04 +08:00
Wu Cheng-Han 48df250491 Fix link regex should filter protocol with case insensitive flag [Security Issue] 2017-04-11 22:25:14 +08:00
Wu Cheng-Han e629800457 Fix XSS vulnerability in link regex [Security Issue] 2017-03-22 18:26:35 +08:00
Wu Cheng-Han 0f3b028ed6 Fix render.js code styles 2017-03-22 18:26:30 +08:00
BoHong Li 5bc642d02e Use JavaScript Standard Style (part 2) 
Fixed all fail on frontend code.
 2017-03-09 02:41:05 +08:00
Wu Cheng-Han 1ca39d9c8e Update to allow li tag specify value number 2017-02-17 21:56:35 +08:00
Wu Cheng-Han 79d5b2c37f Fix slide might able to add unsafe attribute on section tag which cause XSS [Security Issue] 2016-11-26 22:46:58 +08:00
Wu Cheng-Han ba2bfa2188 Update to support summary tag 2016-10-29 23:43:58 +08:00
Yukai Huang e10203b7e9 More function expose workaround for reveal-markdown.js 2016-10-10 08:24:58 +08:00
Yukai Huang 963a435ae1 Resolve dependency module requiring 
* es5 style module exports
* remove script tag require
* webpack config ProvidePlugin

Note that this commit only fix JavaScript module loading runtime error.
 2016-10-08 20:02:30 +08:00
Wu Cheng-Han ecd7218917 Update to support data uri in src attribute of image tag 2016-08-15 11:00:02 +08:00
Wu Cheng-Han cf290e86e1 Update XSS policy to allow iframe and link with custom protocol 2016-08-14 18:32:22 +08:00
Cheng-Han, Wu f6a995143d Update filter XSS to allow attr href starts with '.' or '/' 2016-04-20 18:18:52 +08:00
Cheng-Han, Wu edc3a31dfd Fix XSS HTML replace might get wrong on the HTML comments in the code tags 2016-04-20 18:10:43 +08:00
Cheng-Han, Wu 049eae5024 Fixed filter XSS should allow ordered list specify start number 2016-03-04 23:17:59 +08:00
Cheng-Han, Wu c509abbc39 Support kbd tag 2016-02-22 22:42:40 +08:00
Cheng-Han, Wu 2501b190ab Updated to support html comment tag in XSS 2016-02-16 09:51:22 -06:00
Cheng-Han, Wu 2a774064af Updated XSS filter options to allow style tag and style attribute 2016-02-11 14:33:21 -06:00
Cheng-Han, Wu 4c4a0e0f3f Fixed prevent XSS might break lots of tags and only need after rendered 2016-02-11 03:45:13 -06:00