Skip to content

Remove use of string-strip-html #836

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 7, 2021
Merged

Remove use of string-strip-html #836

merged 1 commit into from
Jan 7, 2021

Conversation

benmccann
Copy link
Contributor

@benmccann benmccann commented Jan 6, 2021
edited
Loading

Closes #826.

This removes a dozen npm packages from the frontend bundle by using our own encodeHTML function as suggested in the OWASP cheat sheet.

@CLAassistant
Copy link

CLAassistant commented Jan 6, 2021
edited
Loading

CLA assistant check
All committers have signed the CLA.

@lastzero lastzero added the waiting Impediment / blocked / waiting label Jan 7, 2021
@lastzero
Copy link
Member

lastzero commented Jan 7, 2021

Merging this now. Guess you're sure there is no risk of introducing security issues? 🧐

@lastzero lastzero added released Available in the stable release and removed waiting Impediment / blocked / waiting labels Jan 7, 2021
@lastzero lastzero merged commit 58e12c8 into photoprism:develop Jan 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
released Available in the stable release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove use of string-strip-html
3 participants
@benmccann @CLAassistant @lastzero