paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-02 13:03:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
25,375 Commits 30 Branches 160 Tags
3bdc8bbaa51ced2c241da6107ec8b3604ebb2853
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Rohitt Vashishtha 3bdc8bbaa5 CVE-2018-9986: Fix XSS issues with frontend markdown processor. 
This fixes a set of XSS issues with Zulip's frontend markdown
processor, which is used in a limited set of contexts, such as local
echo of messages and the drafts feature.

The implementation of several syntax elements, including the <em>
syntax, user and stream mentions, and some others failed to properly
escape the content inside the syntax.

Fix this, and add tests for each corrected code path.

Thanks to w2w for reporting this issue.
2018-04-12 09:46:37 -07:00
.circleci
install-node: Upgrade node, yarn, and nvm.
2018-04-09 13:56:48 -07:00
.github
github: Suggest GIFs too in PR template.
2018-02-16 09:59:22 -08:00
.tx
translation: Add configuration for a zulip-test Transifex project.
2018-02-15 13:38:09 -08:00
analytics
mypy: Annotate stream_data in populate_analytics_db.py handle function.
2018-03-25 08:59:08 -07:00
confirmation
create_realm: Refactor to deal ASAP with key record, not string.
2018-02-05 12:59:12 -08:00
corporate
corporate: Remove unused imports (F401).
2017-11-07 16:37:04 -08:00
docs
docs: Fix typo in production docs.
2018-04-12 09:19:26 -07:00
frontend_tests
CVE-2018-9986: Fix XSS issues with frontend markdown processor.
2018-04-12 09:46:37 -07:00
pgroonga
py3: Remove all from __future__ import unicode_literals.
2017-10-17 23:07:42 -07:00
puppet
puppet: Add Content-Security-Policy for user avatars.
2018-04-10 14:43:08 -07:00
requirements
requirements: Downgrade pika to 0.11.0.
2018-04-11 09:31:10 -07:00
scripts
scripts: Remove the depreciated script 'postgres-reset-sequences'.
2018-04-10 13:07:14 -07:00
static
CVE-2018-9986: Fix XSS issues with frontend markdown processor.
2018-04-12 09:46:37 -07:00
templates
help: Remove follow-steps doc macro.
2018-04-11 16:44:08 -07:00
tools
browser-support: Add string.prototype.endswith polyfill.
2018-04-11 15:40:57 -07:00
zerver
CVE-2018-9986: Fix XSS issues with frontend markdown processor.
2018-04-12 09:46:37 -07:00
zilencer
profile: Remove integer and float fields.
2018-04-02 09:46:21 -07:00
zproject
cleanup: Remove the legacy Dropbox file upload integration.
2018-04-11 11:39:48 -07:00
zthumbor
mypy: Rewrite sign_is_valid in zthumbor helpers.py for None secret_key.
2018-03-25 08:59:08 -07:00
.codecov.yml
Try to avoid codecov spam.
2017-12-29 07:23:26 -05:00
.editorconfig
Editing (minor): Add .pyi to .editorconfig.
2017-12-18 07:35:58 -05:00
.eslintignore
zulip_ops: Delete the long-disused stats1.zulip.net config and its dependencies.
2017-08-15 17:30:31 -07:00
.eslintrc.json
cleanup: Remove the legacy Dropbox file upload integration.
2018-04-11 11:39:48 -07:00
.gitattributes
gitattributes: Mark yarn.lock as "binary", i.e. suppress diffs.
2018-02-01 13:37:19 -08:00
.gitignore
gitignore: Ignore a Transifex secrets file.
2018-02-15 13:38:09 -08:00
.gitlint
lint: Allow revert commit messages in gitlint.
2018-02-13 09:21:01 -08:00
.isort.cfg
python: Add settings for isort.
2017-11-14 12:31:14 -08:00
.npmignore
.travis.yml
travis: Disable most suites in favor of CircleCI!
2018-01-31 11:10:03 -08:00
CODE_OF_CONDUCT.md
CONTRIBUTING.md
doc: Add blog link to CONTRIBUTING.
2018-02-09 12:04:28 -08:00
Dockerfile-dev
Move Dockerfile to Dockerfile-dev.
2017-09-25 12:32:33 -07:00
LICENSE
docs: Move license declaration from README.md to LICENSE.
2017-11-14 16:04:23 -08:00
manage.py
Remove from __future__ import absolute_import.
2017-10-17 22:59:42 -07:00
mypy.ini
tools/mypy: Enforce a more explicit checking of Optional.
2018-03-28 12:31:51 -07:00
package.json
browser-support: Add string.prototype.endswith polyfill.
2018-04-11 15:40:57 -07:00
README.md
README: Include CircleCI build status badge.
2018-02-08 18:24:43 -08:00
Vagrantfile
vagrant: Fix link to testing docs in motd.
2018-04-05 14:41:38 -07:00
version.py
browser-support: Add string.prototype.endswith polyfill.
2018-04-11 15:40:57 -07:00
yarn.lock
browser-support: Add string.prototype.endswith polyfill.
2018-04-11 15:40:57 -07:00

README.md

Zulip overview

Zulip is a powerful, open source group chat application that combines the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip is used by open source projects, Fortune 500 companies, large standards bodies, and others who need a real-time chat system that allows users to easily process hundreds or thousands of messages a day. With over 300 contributors merging over 500 commits a month, Zulip is also the largest and fastest growing open source group chat project.

CircleCI Build Status Travis Build Status Coverage Status Mypy coverage docs Zulip chat Twitter

Getting started

Click on the appropriate link below. If nothing seems to apply, join us on the Zulip community server and tell us what's up!

You might be interested in:

You may also be interested in reading our blog or following us on twitter. Zulip is distributed under the Apache 2.0 license.

Reference in New Issue View Git Blame Copy Permalink
Description
Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
apachechatcollaborationelectronfossfreejavascriptpythonpython3react-nativeslackzulip
Readme Apache-2.0 856 MiB
Languages
Python 58.5%
TypeScript 18.1%
JavaScript 9.1%
CSS 3.9%
HTML 3.6%
Other 6.6%