BookStack/app/Http
Dan Brown 349162ea13
Prevented possible XSS via link attachments
This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
..
Controllers Prevented possible XSS via link attachments 2020-10-31 15:01:52 +00:00
Middleware
Requests
Kernel.php
Request.php