This is a snapshot of Indico's old Trac site. Any information contained herein is most probably outdated. Access our new GitHub site here.

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#395 closed enhancement (fixed)

Sanity module

Reported by: jbenito
Owned by: lsyroka
Priority: very low
Milestone: v0.97.0
Component: General
Version: 0.97.0
Keywords:
Cc:

Description

Improve it in general and redesign it to use black lists instead of white lists.

Change History (4)

comment:1 Changed 5 years ago by lsyroka

  • Owner set to lsyroka
  • Status changed from new to accepted

comment:2 Changed 5 years ago by pferreir

  • Status changed from in_work to in_merge

comment:3 Changed 5 years ago by Leszek Syroka <leszek.marek.syroka@…>

  • Resolution set to fixed
  • Status changed from in_merge to closed

In [a307794b5e5e4bf78e170a1bd717ab311d4fa428]:

[FIX] Sanity module

  • client and server side input parsing integration
  • merged with branch fix#376-inline-minute-no-iframes
  • both parsers are using the same whitelists
  • logic of client side parser changed to be coherent with server side parser
  • parsers' whitelists and current sanitization level were put into the vars.js.tpl file, in the dictionary 'Security'
  • whitelists content updated
  • CSS keywords filtering added
  • protocol whitelist and url check added
  • fix#395

comment:7 Changed 5 years ago by Leszek Syroka <leszek.marek.syroka@…>

In [a307794b5e5e4bf78e170a1bd717ab311d4fa428]:

[FIX] Sanity module

  • client and server side input parsing integration
  • merged with branch fix#376-inline-minute-no-iframes
  • both parsers are using the same whitelists
  • logic of client side parser changed to be coherent with server side parser
  • parsers' whitelists and current sanitization level were put into the vars.js.tpl file, in the dictionary 'Security'
  • whitelists content updated
  • CSS keywords filtering added
  • protocol whitelist and url check added
  • fix#395