mirror of
https://github.com/zulip/zulip.git
synced 2025-11-20 22:48:16 +00:00
This fixes an XSS issue with Zulip's muting UI, where if a stream or topic name contained malicious HTML containing JavaScript, and the user did a muting interaction, the malicious JavaScript could run when rendering the "you just muted a topic" notification. We did an audit for similarly problematic use of `.html`, and found none; for the next release we'll be merging a series of changes to our linter to prevent future instances of this being added. Thanks to Suhas Sunil Gaikwad for reporting this issue.
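The pattern behind this fix, as an added example that is not code from the Zulip repository: a notification string built from stream and topic names, first unescaped and then escaped, plus a simple lint-style check for non-literal `.html()` arguments. All function names, the message text and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example: names and message text are hypothetical, not Zulip's code.

// Escape the five characters that can change HTML parsing context.
function escapeHtml(value) {
    const map = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;"};
    return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: user-controlled names concatenated into markup
// that is later handed to an HTML sink such as jQuery's .html().
function mutedNoticeUnsafe(stream, topic) {
    return "You muted <b>" + stream + " &gt; " + topic + "</b>.";
}

// Hardened pattern: every interpolated value is escaped first.
function mutedNoticeSafe(stream, topic) {
    return "You muted <b>" + escapeHtml(stream) + " &gt; " + escapeHtml(topic) + "</b>.";
}

// Minimal lint-style check: flag .html(...) calls whose argument is not
// a single plain string literal, so a reviewer looks at each one.
function findRiskyHtmlCalls(source) {
    const findings = [];
    source.split("\n").forEach((line, i) => {
        const m = /\.html\(\s*(.*?)\s*\)\s*;?\s*$/.exec(line);
        if (m === null || m[1] === "") return; // no call, or getter form .html()
        const literal = /^(["'])(?:(?!\1)[^\\])*\1$/.test(m[1]);
        if (!literal) findings.push({line: i + 1, argument: m[1]});
    });
    return findings;
}

// Constructed sample input.
const SAMPLE_TOPIC = '<img src=x onerror="alert(1)">';
const SAMPLE_SOURCE = [
    '$("#notice").html("<b>Saved</b>");',
    '$("#notice").html(mutedNoticeUnsafe(stream, topic));',
    'const current = $("#notice").html();',
].join("\n");

console.log(mutedNoticeUnsafe("general", SAMPLE_TOPIC));
console.log(mutedNoticeSafe("general", SAMPLE_TOPIC));
console.log(findRiskyHtmlCalls(SAMPLE_SOURCE));
```

The lint check is line-based and deliberately coarse: it reports every non-literal argument for review and does not try to prove that a value is already escaped.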
5.7 KiB