mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-10 23:36:14 -05:00
ghost/core/test/acceptance/admin
Kevin Ansfield 4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
actions_spec.js
config_spec.js
db_spec.js Added labels for Members (#11538) 2020-02-14 15:03:10 +05:30
email_preview_spec.js Moved email preview spec to acceptance tests 2019-11-08 11:38:06 +07:00
emails_spec.js Added default stats object to email model 2019-11-08 17:11:54 +07:00
images_spec.js
integrations_spec.js
invites_spec.js
key_authentication_spec.js
mail_spec.js
notifications_spec.js
oembed_spec.js 🔒 Improved validation of fetched urls and responses in oembed endpoint 2020-03-09 10:42:25 +00:00
pages_spec.js
posts_spec.js Updated defaults handling for email property in posts (#11355) 2019-11-08 11:40:49 +07:00
roles_spec.js
settings_spec.js
slugs_spec.js
tags_spec.js
themes_spec.js
users_spec.js Deleted all but active sessions on password change (#11639) 2020-03-05 12:22:32 +02:00
utils.js Updated defaults handling for email property in posts (#11355) 2019-11-08 11:40:49 +07:00
webhooks_spec.js