Penar Musaraj 3debdc8131 SECURITY: XSS when oneboxing user profile location field ... The XSS here is only possible if CSP is disabled. Low impact since CSP is enabled by default in SiteSettings.		2019-09-17 16:12:50 -04:00
..
active_record/connection_adapters
auth
common_passwords
concern
email
file_store
freedom_patches
guardian
highlight_js
import
middleware
migration
onebox/engine
plugin
rate_limiter
scheduler
site_settings
stylesheet
svg_sprite
theme_store
validators
wizard
admin_confirmation_spec.rb
admin_user_index_query_spec.rb
archetype_spec.rb
avatar_lookup_spec.rb
cache_spec.rb
category_badge_spec.rb
composer_messages_finder_spec.rb
content_buffer_spec.rb
cooked_post_processor_spec.rb
crawler_detection_spec.rb
current_user_spec.rb
directory_helper_spec.rb
discourse_diff_spec.rb
discourse_event_spec.rb
discourse_hub_spec.rb
discourse_plugin_registry_spec.rb
discourse_plugin_spec.rb
discourse_redis_spec.rb
discourse_spec.rb
discourse_tagging_spec.rb
discourse_updates_spec.rb
distributed_memoizer_spec.rb
distributed_mutex_spec.rb
email_cook_spec.rb
email_updater_spec.rb
enum_spec.rb
excerpt_parser_spec.rb
feed_element_installer_spec.rb
feed_item_accessor_spec.rb
file_helper_spec.rb
filter_best_posts_spec.rb
final_destination_spec.rb
flag_settings_spec.rb
gaps_spec.rb
global_path_spec.rb
guardian_spec.rb
has_errors_spec.rb
hijack_spec.rb
html_prettify_spec.rb
html_to_markdown_spec.rb
image_sizer_spec.rb
inline_oneboxer_spec.rb
js_locale_helper_spec.rb
json_error_spec.rb
letter_avatar_spec.rb
method_profiler_spec.rb
new_post_manager_spec.rb
new_post_result_spec.rb
oneboxer_spec.rb	SECURITY: XSS when oneboxing user profile location field	2019-09-17 16:12:50 -04:00
onpdiff_spec.rb
pbkdf2_spec.rb
pinned_check_spec.rb
plain_text_to_markdown_spec.rb
post_action_creator_spec.rb
post_creator_spec.rb
post_destroyer_spec.rb
post_locker_spec.rb
post_merger_spec.rb
post_revisor_spec.rb
pretty_text_spec.rb
promotion_spec.rb
quote_comparer_spec.rb
rate_limiter_spec.rb
redis_store_spec.rb
retrieve_title_spec.rb
rtl_spec.rb
s3_helper_spec.rb
s3_inventory_spec.rb
score_calculator_spec.rb
search_spec.rb
secure_session_spec.rb
site_icon_manager_spec.rb
site_setting_extension_spec.rb
slug_spec.rb
spam_handler_spec.rb
suggested_topics_builder_spec.rb
system_message_spec.rb
text_cleaner_spec.rb
text_sentinel_spec.rb
theme_settings_manager_spec.rb
theme_settings_parser_spec.rb
timeline_lookup_spec.rb
topic_creator_spec.rb
topic_publisher_spec.rb
topic_query_spec.rb
topic_retriever_spec.rb
topic_view_spec.rb
topics_bulk_action_spec.rb
trashable_spec.rb
trust_level_spec.rb
unread_spec.rb
url_helper_spec.rb
user_name_suggester_spec.rb
version_spec.rb