Snippets Groups Projects

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

Verified Commit a14ee68f authored 8 years ago by Douwe Maan Committed by Rémy Coutable 8 years ago

Merge branch 'markdown-xss-fix-option-2.1' into 'security'

Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>

parent bf061d0a

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 50 additions and 10 deletions

Please register or to comment