Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove use of string-strip-html #836

merged 1 commit into from Jan 7, 2021


Copy link

@benmccann benmccann commented Jan 6, 2021

Closes #826.

This removes a dozen npm packages from the frontend bundle by using our own encodeHTML function as suggested in the OWASP cheat sheet.

Copy link

CLAassistant commented Jan 6, 2021

CLA assistant check
All committers have signed the CLA.

@lastzero lastzero added the waiting Impediment / blocked / waiting label Jan 7, 2021
Copy link

lastzero commented Jan 7, 2021

Merging this now. Guess you're sure there is no risk of introducing security issues? 🧐

@lastzero lastzero added released Available in the stable release and removed waiting Impediment / blocked / waiting labels Jan 7, 2021
@lastzero lastzero merged commit 58e12c8 into photoprism:develop Jan 7, 2021
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
released Available in the stable release
None yet

Successfully merging this pull request may close these issues.

Remove use of string-strip-html
3 participants