paulmataruso/zulip-desktop
1
0
Fork 0
mirror of https://github.com/zulip/zulip-desktop.git synced 2025-11-04 05:53:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a9d59b3dcdb59c76a3b5dcb99bb61c78634e3a8f
zulip-desktop/app/renderer/js
History
Anders Kaseorg a9d59b3dcd CVE-2020-24582: Escape all strings interpolated into HTML. 
Also fix various variable names to consistently indicate which strings
contain HTML.

Some of these changes close cross-site scripting vulnerabilities, and
others are for consistency.  It’s important to be meticulously
consistent about escaping so that changes that would introduce
vulnerabilities stand out as obviously wrong.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-04 22:52:38 -07:00
..
components
CVE-2020-24582: Escape all strings interpolated into HTML.
2020-09-04 22:52:38 -07:00
notification
notification: Move loadBots call to preload, to break an import cycle.
2020-07-24 01:37:07 -07:00
pages
CVE-2020-24582: Escape all strings interpolated into HTML.
2020-09-04 22:52:38 -07:00
shared
typescript: Switch to ES import/export syntax.
2020-03-04 17:21:03 -08:00
utils
CVE-2020-24582: Escape all strings interpolated into HTML.
2020-09-04 22:52:38 -07:00
clipboard-decrypter.ts
xo: Sort imports with import/order.
2020-07-23 23:06:41 -07:00
electron-bridge.ts
xo: Sort imports with import/order.
2020-07-23 23:06:41 -07:00
feedback.ts
xo: Sort imports with import/order.
2020-07-23 23:06:41 -07:00
injected.ts
spellchecker: Use Electron 8 built-in spellchecker.
2020-06-18 18:14:23 +05:30
main.ts
CVE-2020-24582: Escape all strings interpolated into HTML.
2020-09-04 22:52:38 -07:00
preload.ts
notification: Move loadBots call to preload, to break an import cycle.
2020-07-24 01:37:07 -07:00
tray.ts
xo: Sort imports with import/order.
2020-07-23 23:06:41 -07:00