Skip to content
This repository has been archived by the owner on Apr 3, 2024. It is now read-only.

Fix injection vulnerabilities #445

Merged
merged 1 commit into from Feb 14, 2020
Merged

Fix injection vulnerabilities #445

merged 1 commit into from Feb 14, 2020

Conversation

andreeleuterio
Copy link
Contributor

  • fix: fixing injection vulnerabilities in render

  • fix: removed style attribute support on img elements

  • fix: added validation of iframe url hostnames

  • fix: fixed fixture to use urls that are parseable by url.parse

  • fix: removed brittle regex and added literal string matching for hostnames

  • fix: removed node 6 support

  • fix: added fixture for style attribute removal

  • fix: added test for style attribute removal from img elements

What / Why

n/a

References

  • n/a

Fix injection vulnerabilities
74e4b9d 
* fix: fixing injection vulnerabilities in render

* fix: removed style attribute support on img elements

* fix: added validation of iframe url hostnames

* fix: fixed fixture to use urls that are parseable by url.parse

* fix: removed brittle regex and added literal string matching for hostnames

* fix: removed node 6 support

* fix: added fixture for style attribute removal

* fix: added test for style attribute removal from img elements
ronperris
ronperris approved these changes Feb 14, 2020
View reviewed changes
Copy link

@ronperris ronperris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@andreeleuterio andreeleuterio merged commit 96cd45a into master Feb 14, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ronperris ronperris ronperris approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@andreeleuterio @ronperris