Vladimir Gorej a616cb471d fix(Markdown): render markdown in more secure way ...

This commit changes markdown sanitization behaviour in following way:

class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.

The original behavior of sanitizer (before this commit) can be enabled by *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.

2020-06-11 21:51:15 +02:00

..

helpers.js

feature: Docker OAuth block support (via #4987)

2018-11-01 18:52:13 -04:00

index.js

improve(docker): bail out + provide helpful error if injection fails (via #5007)

2018-11-06 02:34:44 +00:00

oauth.js

improvement: oauth "scopes" improvements (#6037)

2020-06-10 11:27:54 -07:00

translator.js

bugfix: legacy Docker variables being overridden by default values (via #5006)

2018-11-06 01:57:20 +00:00

variables.js

fix(Markdown): render markdown in more secure way

2020-06-11 21:51:15 +02:00