DGNum/demarches-normaliennes
14
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

secu: remove a balise from sane user input

Browse source
This commit is contained in:
simon lehericey 2023-02-02 11:04:57 +01:00 committed by mfo
parent 3cbb491cfc
commit 4f0f221e46
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/application.rb
View file

@ -41,7 +41,7 @@ module TPS
config.assets.precompile += ['.woff'] config.assets.precompile += ['.woff']
default_allowed_tags = ActionView::Base.sanitized_allowed_tags default_allowed_tags = ActionView::Base.sanitized_allowed_tags
config.action_view.sanitized_allowed_tags = default_allowed_tags + ['u'] - ['img'] config.action_view.sanitized_allowed_tags = default_allowed_tags + ['u'] - ['img', 'a']
# ActionDispatch's IP spoofing detection is quite limited, and often rejects # ActionDispatch's IP spoofing detection is quite limited, and often rejects
# legitimate requests from misconfigured proxies (such as mobile telcos). # legitimate requests from misconfigured proxies (such as mobile telcos).