mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-11 02:12:21 -05:00
ghost/core/server/api/canary
Kevin Ansfield 4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
utils Refactored members csv export for better readability 2020-03-06 13:55:11 +08:00
actions.js
authentication.js
authors-public.js
config.js
db.js Corrected 404 handling 2020-02-10 12:41:39 +00:00
email-preview.js Refactored email handling to be consistent for test and newsletter emails 2019-11-26 21:41:01 +05:30
email.js Moved toJSON calls to serializer 2019-11-25 12:04:58 +07:00
images.js
index.js Added member login resource to Admin API (#11607) 2020-02-27 11:48:02 +08:00
integrations.js
invites.js
labels.js Added labels for Members (#11538) 2020-02-14 15:03:10 +05:30
mail.js
members.js Added created_at field to accepted fields for members CSV import 2020-02-19 19:55:32 +08:00
memberSigninUrls.js Added member login resource to Admin API (#11607) 2020-02-27 11:48:02 +08:00
notifications.js
oembed.js 🔒 Improved validation of fetched urls and responses in oembed endpoint 2020-03-09 10:42:25 +00:00
pages-public.js
pages.js Allowed pages to accept HTML as a source (#11422) 2020-01-08 17:44:34 +01:00
posts-public.js
posts.js 🏗 Added host config limits for member emails (#11439) 2019-12-17 19:24:27 +05:30
preview.js
redirects.js
roles.js
schedules.js
session.js
settings-public.js
settings.js Added permission restrictions to editing members flag (#11217) 2019-10-09 10:26:54 +02:00
site.js
slack.js
slugs.js
tags-public.js
tags.js
themes.js
users.js Deleted all but active sessions on password change (#11639) 2020-03-05 12:22:32 +02:00
webhooks.js