Display confirmation prompt body as text instead of HTML #5862

Merged
merged 3 commits into from
Jul 20, 2023

ThiefMaster
Member

This fixes an XSS issue in places where the confirmation prompt contains e.g. the name of the object being deleted.

The few places where we used formatting in those bodies now use plain text, as HTML in the message is no longer supported.

ThiefMaster and others added 3 commits July 20, 2023 15:18
Also update some confirmation prompts to not use HTML in the message as
this is no longer supported.
@ThiefMaster ThiefMaster added this to the v3.2 milestone Jul 20, 2023
@ThiefMaster ThiefMaster merged commit da57216 into indico:master Jul 20, 2023
@ThiefMaster ThiefMaster deleted the js-confirm-xss branch July 20, 2023 14:08
ThiefMaster added a commit that referenced this pull request Dec 21, 2023
The prompt no longer supports HTML since #5862
VojtechPetru pushed a commit to VojtechPetru/indico that referenced this pull request Jan 12, 2024
The prompt no longer supports HTML since indico#5862
micsucmed pushed a commit to micsucmed/indico that referenced this pull request Jan 19, 2024
The prompt no longer supports HTML since indico#5862
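
The difference between the two rendering modes this pull request describes, as an added example that is not Indico's code. The function names, the wrapper markup and the object name are hypothetical and constructed for illustration, and escaping stands in for whatever text-rendering mechanism the project uses.

```javascript
// Added illustration; not Indico's code. All names here are hypothetical.

// Escape the characters that are significant in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'};
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Reverse of escapeHtml, used only to show what the user ends up reading.
function unescapeHtml(value) {
  const map = {'&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'"};
  return value.replace(/&(amp|lt|gt|quot|#39);/g, ent => map[ent]);
}

// Old behaviour: the message is trusted as markup and placed in the dialog body.
function renderBodyAsHtml(message) {
  return `<div class="confirm-body">${message}</div>`;
}

// New behaviour: the message is data and is escaped before it reaches the markup.
function renderBodyAsText(message) {
  return `<div class="confirm-body">${escapeHtml(message)}</div>`;
}

// List the element names a browser would instantiate inside the body wrapper.
function elementsInside(bodyHtml) {
  const inner = bodyHtml.replace(/^<div class="confirm-body">/, '').replace(/<\/div>$/, '');
  return [...inner.matchAll(/<([a-zA-Z][a-zA-Z0-9-]*)\b/g)].map(m => m[1].toLowerCase());
}

// Constructed sample: a user-chosen object name that carries markup.
const objectName = 'Budget <img src=x onerror=alert(1)> 2023';
const message = `Do you really want to delete "${objectName}"?`;

function demo() {
  return {
    htmlMode: elementsInside(renderBodyAsHtml(message)),  // ['img']
    textMode: elementsInside(renderBodyAsText(message)),  // []
    // A caller that still passes formatting gets it displayed literally.
    legacy: elementsInside(renderBodyAsText('This is <strong>permanent</strong>.')),
    shown: unescapeHtml(escapeHtml(message)),  // what the user reads in text mode
  };
}

console.log(demo());
```

The `legacy` case shows why callers that previously relied on formatting had to be updated along with the fix: in text mode their tags would be displayed verbatim rather than rendered.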