New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/xss #6403

Merged

Ylianst merged 4 commits into Ylianst:master from HuFlungDu:fix/xss

Sep 27, 2024

Commits on Sep 25, 2024

Fixed filenames not being escaped when editing files
```
This allowed a possible XSS by naming a file in a particular way on your device.
```
HuFlungDu committed Sep 25, 2024
Configuration menu
View commit details

Copy full SHA for 68f63b4

Browse repository at this point
Copy the full SHA

68f63b4 View commit details

Browse the repository at this point in the history
Fixed HTML generation in webserver not escaping most things from req.…
```
…query

This would allow XSS through a very simple phishing attack
```
HuFlungDu committed Sep 25, 2024
Configuration menu
View commit details

Copy full SHA for 815c242

Browse repository at this point
Copy the full SHA

815c242 View commit details

Browse the repository at this point in the history
Added HtmlEscape to Mobile default as well

HuFlungDu committed Sep 25, 2024
Configuration menu
View commit details

Copy full SHA for e82008c

Browse repository at this point
Copy the full SHA

e82008c View commit details

Browse the repository at this point in the history
Added sanitization to SAML redirect and Twitter/Azure

HuFlungDu committed Sep 25, 2024
Configuration menu
View commit details

Copy full SHA for 1c37514

Browse repository at this point
Copy the full SHA

1c37514 View commit details

Browse the repository at this point in the history