forgejo

mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-10-31 22:38:58 +00:00

History

Gusted d3de80b9cc [SECURITY] Test XSS in dismissed review It's possible for reviews to not be assiocated with users, when they were migrated from another forge instance. In the migration code, there's no sanitization check for author names, so they could contain HTML tags and thus needs to be properely escaped. (cherry picked from commit `ca798e4cc2`)	2024-02-22 15:35:04 +01:00
..
comment.yml	[SECURITY] Test XSS in dismissed review	2024-02-22 15:35:04 +01:00
review.yml	[SECURITY] Test XSS in dismissed review	2024-02-22 15:35:04 +01:00

It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.

(cherry picked from commit ca798e4cc2)

2024-02-22 15:35:04 +01:00

comment.yml [SECURITY] Test XSS in dismissed review 2024-02-22 15:35:04 +01:00

review.yml [SECURITY] Test XSS in dismissed review 2024-02-22 15:35:04 +01:00