revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 17:52:43 +01:00
Code Issues Releases Wiki Activity
11931 commits 3 branches 7 tags 153 MiB
Commit graph

2 commits

Author SHA1 Message Date
Chad Little
deb06727ea Update Help for handleRequest 
Summary: Updates Help for handleRequest

Test Plan: Launch help dialog, close dialog

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8628

Differential Revision: https://secure.phabricator.com/D13772
 2015-08-01 15:40:03 -07:00
epriestley
039b8e43b9 Whitelist allowed editor protocols 
Summary:
This is the other half of D8548. Specifically, the attack here was to set your own editor link to `javascript\n:...` and then you could XSS yourself. This isn't a hugely damaging attack, but we can be more certain by adding a whitelist here.

We already whitelist linkable protocols in remarkup (`uri.allowed-protocols`) in general.

Test Plan:
Tried to set and use valid/invalid editor URIs.

{F130883}

{F130884}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8551
 2014-03-17 13:00:37 -07:00