paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-02 04:53:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
faa3ea0b8e7fd16cd030602130cdeed6f5c61b3a
zulip/static
History
Anders Kaseorg 8459185970 lightbox: Confine embedded video players to a unique origin. 
This fixes a cross-site scripting vulnerability in the upcoming Inline
URL Previews feature found by Graham Bleaney and Ibrahim Mohamed using
Pysa.

This commit doesn't get a CVE because the bug was present in a code
path introduced in the 2.1.x development branch, so it doesn't impact
any Zulip release.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-12-12 15:23:15 -08:00
..
assets
styles: Finish removing manual antialiasing configuration.
2019-08-30 14:51:52 -07:00
audio
generated
html
5xx.html: Build with webpack.
2019-10-28 15:53:15 -07:00
images
integrations: Add Gitea integration.
2019-11-18 11:55:24 -08:00
js
lightbox: Confine embedded video players to a unique origin.
2019-12-12 15:23:15 -08:00
shared
js: Automatically convert var to let and const in most files.
2019-11-03 12:42:39 -08:00
styles
auth: Merge RemoteUserBackend into external_authentication_methods.
2019-12-10 20:16:21 +01:00
templates
bots: Render bot owner name in bots settings as link to show owner profile.
2019-12-06 12:00:07 -08:00
third
minor: Fix accidental global variable leak in marked.
2019-12-09 16:13:02 -08:00
.gitignore
generate-custom-icon-webfont: Replace with webpack webfonts-loader.
2019-07-18 12:00:00 -07:00
favicon.ico