wekan

mirror of https://github.com/wekan/wekan.git synced 2026-01-01 23:28:49 +01:00

History

Lauri Ojansivu 482682e500 SECURITY VULNERABILITY FIX: Fix XSS bug reported today 4 hours ago by Cyb3rjunky. Logged in users could run javascript in input fields. This affects Wekan versions v3.12-v3.84. In [Wekan v3.12](https://github.com/wekan/wekan/blob/master/CHANGELOG.md#v312-2019-08-09-wekan-release) there was [changes for XSS filter to allow inserting images, videos etc on comment WYSIWYG editor](https://github.com/wekan/wekan/pull/2593) so features related to that are now removed. After this fix, Javascript in input fields is not executed. Thanks to Cyb3rjunky and xet7 !		2020-03-23 22:29:20 +02:00
..
editor.jade	Fixed RTL issue #884	2019-05-08 21:30:38 +03:00
editor.js	SECURITY VULNERABILITY FIX: Fix XSS bug reported today 4 hours ago by Cyb3rjunky.	2020-03-23 22:29:20 +02:00
fonts.styl	Restore original font and font sizes.	2018-04-11 14:59:58 +03:00
header.jade	- More whitelabeling.	2019-03-21 20:27:21 +02:00
header.js	Prettier & eslint project style update	2019-06-28 12:56:51 -05:00
header.styl	Update header.styl	2020-01-20 11:23:08 +01:00
keyboardShortcuts.jade	Allow the header bar customization	2015-12-09 19:10:26 -05:00
keyboardShortcuts.styl	Enphasize keyboard shortcuts with a dedicated style	2015-11-25 09:39:29 -08:00
layouts.jade	Loading authentication page	2019-04-24 12:28:11 +02:00
layouts.js	Prettier & eslint project style update	2019-06-28 12:56:51 -05:00
layouts.styl	Fixing @user in comments doesn't work if it's in a separate line	2019-09-11 09:05:16 -04:00
popup.js	Enforce a consistent ES6 coding style	2015-09-03 23:12:46 +02:00
popup.styl	Assignee field like Jira #2452 , in progress.	2019-11-04 10:00:28 +02:00
popup.tpl.jade	Define the popup translation in the stylesheet, not in the JS code	2015-06-09 17:41:55 +02:00
spinner.styl	Fix layout on Apple devices	2016-01-02 14:26:48 +01:00
spinner.tpl.jade	Renaissance	2015-05-12 19:33:50 +02:00