fixing the xss problem #163

Merged
merged 3 commits into from Sep 4, 2014

3 participants
@summerblue
Contributor

summerblue commented Aug 26, 2014

Here is the fix for:

summerblue Aug 26, 2014

Contributor

@driesvints LaravelIO is a wonderful project, thanks for the hard work.

summerblue Aug 26, 2014

Contributor

Using this package -> https://github.com/mewebstudio/Purifier .
HTMLPurifier is whitelist filtering; the whitelist is specified in the config file (see here). In this way, we have full control of the UGC.

My project is using it https://github.com/summerblue/phphub, HTMLPurifier is 🚀
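The whitelist approach described in the comment above, as an added example that is not part of this thread or of the pull request. It assumes the HTML Purifier library is installed directly (`composer require ezyang/htmlpurifier`) rather than through the Laravel package; the allowed-tag list, the function name `buildUgcPurifier` and the sample posts are constructed for illustration.

```php
<?php
// Added example: whitelist sanitisation of user-generated content (UGC).
// Assumption: ezyang/htmlpurifier is installed via Composer. The tag list
// below is illustrative, not the whitelist used in this pull request.
require __DIR__ . '/vendor/autoload.php';

function buildUgcPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Whitelist: only these elements and attributes survive purification.
    $config->set('HTML.Allowed', 'p,br,strong,em,code,pre,ul,ol,li,blockquote,a[href|title]');

    // Only these URL schemes are accepted in link targets.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);

    // Skip the on-disk definition cache so the script runs without a writable cache directory.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

// Constructed sample posts, one per class of markup the whitelist has to handle.
$samples = [
    'plain markup'   => '<p>Hello <strong>world</strong></p>',
    'script element' => '<p>Hi</p><script>alert(1)</script>',
    'event handler'  => '<p onclick="alert(1)">click</p>',
    'scripted link'  => '<a href="javascript:alert(1)">profile</a>',
    'unlisted tag'   => '<iframe src="https://example.com"></iframe><p>text</p>',
];

$purifier = buildUgcPurifier();

foreach ($samples as $label => $dirty) {
    // Render or store only the purified string, never the raw input.
    $clean = $purifier->purify($dirty);
    printf("%s\n  in:  %s\n  out: %s\n", $label, $dirty, $clean);
}
```

Comparing each `in` line with its `out` line shows which parts of a post fall outside the whitelist, which is a quick way to review a whitelist change before it ships.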

GrahamCampbell Aug 26, 2014

Contributor

Don't use dev-master. Use a real version constraint.

@driesvints: outdated review thread on composer.json

@driesvints: outdated review thread on app/config/packages/mews/purifier/config.php
driesvints Aug 27, 2014

Member

I'm gonna wait until next week with merging this in when I have more time. Laracon EU now :)

driesvints added a commit that referenced this pull request Sep 4, 2014

@driesvints driesvints merged commit 8fd1cdb into laravelio:develop Sep 4, 2014

2 checks passed

ci/scrutinizer Scrutinizer: No new issues — Tests: passed
continuous-integration/travis-ci The Travis CI build passed
driesvints Sep 4, 2014

Member

Thanks a bunch!

@driesvints driesvints referenced this pull request Sep 4, 2014

Closed

XSS vulnerability #120

summerblue Sep 4, 2014

Contributor

It is my honor. 😃
