Skip to content

Security: prevent XSS attach on wiki page#955

Merged
lunny merged 1 commit into
go-gitea:release/v1.0from
lunny:lunny/fix_XSS_on_wiki_1
Feb 16, 2017
Merged

Security: prevent XSS attach on wiki page#955
lunny merged 1 commit into
go-gitea:release/v1.0from
lunny:lunny/fix_XSS_on_wiki_1

Conversation

@lunny
Copy link
Copy Markdown
Member

@lunny lunny commented Feb 16, 2017

Reported by Miguel Ángel Jimeno.

back port from #952

@unknwon @lunny
Security: prevent XSS attach on wiki page
16572da 
Reported by Miguel Ángel Jimeno.
@lunny lunny added type/bug topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! issue/critical This issue should be fixed ASAP. If it is a PR, the PR should be merged ASAP labels Feb 16, 2017
@lunny lunny added this to the 1.0.2 milestone Feb 16, 2017
@tboerger tboerger added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 16, 2017
@appleboy
Copy link
Copy Markdown
Member

appleboy commented Feb 16, 2017

LGTM

@tboerger tboerger added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 16, 2017
@Bwko
Copy link
Copy Markdown
Member

Bwko commented Feb 16, 2017
edited
Loading

LGTM

@tboerger tboerger added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 16, 2017
@lunny lunny merged commit 9183661 into go-gitea:release/v1.0 Feb 16, 2017
@tboerger tboerger added the backport/done All backports for this PR have been created label Feb 21, 2017
@lunny lunny deleted the lunny/fix_XSS_on_wiki_1 branch April 19, 2017 05:46
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@appleboy appleboy appleboy approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport/done All backports for this PR have been created issue/critical This issue should be fixed ASAP. If it is a PR, the PR should be merged ASAP lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug

Projects

None yet

Milestone

1.0.2

Development

Successfully merging this pull request may close these issues.

5 participants

@lunny @appleboy @Bwko @tboerger @unknwon