mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-11 02:12:21 -05:00
ghost/core
Kevin Ansfield 4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
..
client@1a77f94232 Updated Ghost-Admin to 3.9.0 2020-03-02 12:02:24 +00:00
frontend Added custom currency support for Memer's plans 2020-03-04 13:15:21 +08:00
server 🔒 Improved validation of fetched urls and responses in oembed endpoint 2020-03-09 10:42:25 +00:00
shared/nql-map-key-values 🏗 Migrated posts.page column to posts.type (#11111) 2019-09-16 11:51:54 +01:00
test 🔒 Improved validation of fetched urls and responses in oembed endpoint 2020-03-09 10:42:25 +00:00
index.js