edx-platform

Files

David Ormsbee 149b014053 fix: disallow "data:" links in discussion posts

Sanitizes Markdown that goes back and forth between the server and
client side, to strip out data: links, so that they cannot be abused.
There is no present vulnerability to this issue–modern browsers disallow
data links in the first place, and we already filter this out in both
client-side code as well as the HTML generated in the REST API (it's run
through bleach). But we're adding this anyway, to further reduce the
odds that some client-side mistake could cause a vulnerability. This is
part of TNL-8589.

2021-08-03 15:19:07 -04:00

base

fix: disallow "data:" links in discussion posts

2021-08-03 15:19:07 -04:00

migrations

Move django_comment_client to discussion/

2019-05-03 12:09:46 -04:00

tests

fix: disallow "data:" links in discussion posts

2021-08-03 15:19:07 -04:00

__init__.py

Move django_comment_client to discussion/

2019-05-03 12:09:46 -04:00

constants.py

Move django_comment_client to discussion/

2019-05-03 12:09:46 -04:00

middleware.py

BOM-2358 : Pyupgrade in dashboard, debug, discussion apps (#26529 )

2021-02-22 15:42:21 +05:00

models.py

Move django_comment_common from common to openedx

2019-05-03 12:10:18 -04:00

permissions.py

refactor: Remove get_course_discussion_settings helper

2021-04-30 11:47:34 -07:00

README.rst

Move django_comment_client to discussion/

2019-05-03 12:09:46 -04:00

settings.py

remove useless-supression warnings

2020-05-01 19:42:15 +05:00

urls.py

Run 2to3 -f future . -w

2019-12-30 10:35:30 -05:00

utils.py

fix: disallow "data:" links in discussion posts

2021-08-03 15:19:07 -04:00

README.rst

See ``lms/djangoapps/discussion/README.rst``