| | | |
|---|---|---|
| author | Douwe Maan <douwe@gitlab.com> | 2016-11-07 16:27:35 +0000 |
| committer | Rémy Coutable <remy@rymai.me> | 2016-11-09 12:26:44 +0100 |
| commit | a14ee68fe4815d2906ece670bcc333303fd3c816 (patch) | |
| tree | bf472312b78036d29fe47476822c938d6c311173 /app/services/auth | |
| parent | bf061d0aff091a73611037b811cea2d3380962f4 (diff) | |
| download | gitlab-ce-a14ee68fe4815d2906ece670bcc333303fd3c816.tar.gz | |
Merge branch 'markdown-xss-fix-option-2.1' into 'security'
Fix for HackerOne XSS vulnerability in markdown
This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153
See merge request !2015
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app/services/auth')
0 files changed, 0 insertions, 0 deletions