revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-30 18:52:42 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/auth
History
epriestley 05a4c55c52 Explicitly add rel="noreferrer" to all external links 
Summary: See D19117. Instead of automatically figuring this out inside `phutil_tag()`, explicitly add rel="noreferrer" at the application level to all external links.

Test Plan:
  - Grepped for `_blank`, `isValidRemoteURIForLink`, checked all callsites for user-controlled data.
  - Created a link menu item, verified noreferrer in markup.
  - Created a link custom field, verified no referrer in markup.
  - Verified noreferrer for `{nav href=...}`.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Differential Revision: https://secure.phabricator.com/D19118
2018-02-17 17:46:11 -08:00
..
__tests__ Add test coverage for SSH key revocation 2018-01-25 19:47:20 -08:00
action Add a rate limit for guessing old passwords when changing passwords 2018-01-23 13:46:06 -08:00
application Add a bin/auth revoke revoker for SSH keys 2018-01-22 15:35:07 -08:00
capability Auth - add "manage providers" capability 2015-01-12 14:37:58 -08:00
conduit Deactivate SSH keys instead of destroying them completely 2016-05-18 14:54:28 -07:00
constants Support invites in the registration and login flow 2015-02-11 06:06:28 -08:00
controller Move account passwords to shared infrastructure 2018-01-23 13:43:07 -08:00
data Add session and request hooks to PhabricatorAuthSessionEngine 2016-11-17 13:09:29 -08:00
editor Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
engine Read lock all transaction edits 2018-02-10 20:07:46 -08:00
exception Add email invites to Phabricator (logic only) 2015-02-09 16:12:36 -08:00
extension Add a more modern object for storing password hashes 2018-01-22 15:35:28 -08:00
factor Fix spelling 2017-10-09 10:48:04 -07:00
garbagecollector Provide bin/garbage for interacting with garbage collection 2015-10-02 09:17:24 -07:00
guidance Add a bunch of Phacility-specific code to the upstream, thinly veiled as generic code 2016-11-15 09:11:22 -08:00
handler Modularize generation of supplemental login messages 2015-09-04 10:34:39 -07:00
mail Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
management Add "bin/auth revoke --list" to explain what can be revoked 2018-01-23 14:01:39 -08:00
password Rename "PhabricatorPasswordHashInterface" to "PhabricatorAuthPasswordHashInterface" 2018-01-23 14:06:05 -08:00
phid Add a more modern object for storing password hashes 2018-01-22 15:35:28 -08:00
provider Move account passwords to shared infrastructure 2018-01-23 13:43:07 -08:00
query Add test coverage to the PasswordEngine upgrade workflow and fix a few bugs 2018-01-23 10:55:35 -08:00
revoker Add "bin/auth revoke --list" to explain what can be revoked 2018-01-23 14:01:39 -08:00
sshkey Send forced mail on SSH key edits 2016-05-19 15:01:25 -07:00
storage Rename "PhabricatorPasswordHashInterface" to "PhabricatorAuthPasswordHashInterface" 2018-01-23 14:06:05 -08:00
tokentype Redesign Config Application 2016-08-29 15:49:49 -07:00
view Explicitly add rel="noreferrer" to all external links 2018-02-17 17:46:11 -08:00
worker Send emails for email invites 2015-02-11 06:06:09 -08:00
xaction Add test coverage to the PasswordEngine upgrade workflow and fix a few bugs 2018-01-23 10:55:35 -08:00