David Mehren f552b14e11

Sanitize username and photo URL ...

HedgeDoc displays the username and user photo at various places
by rendering the respective variables into an `ejs` template.
As the values are user-provided or generated from user-provided data,
it may be possible to inject unwanted HTML.

This commit sanitizes the username and photo URL by passing them
through the `xss` library.

Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>

2021-05-09 19:28:44 +02:00

..

config

Automatically enable protocolUseSSL when useSSL is set

2021-05-06 21:19:14 +02:00

migrations

Add missing catch

2020-12-02 19:39:06 +01:00

models

Sanitize username and photo URL

2021-05-09 19:28:44 +02:00

ot

Fix logging in ot module

2018-11-13 23:30:13 +01:00

web

ImageRouterImgur: Replace imgur library with note-fetch request

2021-04-22 21:23:27 +02:00

workers

Linter: Fix all lint errors

2021-02-15 12:15:14 +01:00

csp.js

Fix upgradeInsecureRequests CSP directive

2021-05-04 11:10:53 +02:00

errors.js

Check for existing notes on POST and dont override them

2021-03-29 23:00:34 +02:00

history.js

Linter: Fix all lint errors

2021-02-15 12:15:14 +01:00

letter-avatars.js

Linter: Fix all lint errors

2021-02-15 12:15:14 +01:00

logger.js

Fix eslint warnings

2019-05-31 00:30:29 +02:00

prometheus.js

Add custom prometheus metrics

2021-04-25 20:06:56 +02:00

realtime.js

Linter: Fix all lint errors

2021-02-15 12:15:14 +01:00

response.js

Replace request library with node-fetch

2021-03-12 22:27:49 +01:00

utils.js

Linter: Fix all lint errors

2021-02-15 12:15:14 +01:00