]> BookStack Code Mirror - bookstack/commit
projects / bookstack / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 15786e2)
Prevented potential inline JS event usage
authorDan Brown <redacted>
Sun, 5 May 2019 12:53:37 +0000 (13:53 +0100)
committerDan Brown <redacted>
Sun, 5 May 2019 12:53:37 +0000 (13:53 +0100)
commitad542f0407b0f8112b43a48b6a0b25a161ad329f
treeddfcacfb5e5e1cf4d0f26337211c1c1944e0f69ctree | snapshot
parent15786e26308721815fbae844c314e1700e2b0260commit | diff
Prevented potential inline JS event usage

- Removes 'on*' attributes from elements.
- Also updated script logic to remove scripts instead of escaping.
- All JS injection removal now uses DomDocument + xpath parsing.
app/Entities/Repos/EntityRepo.php diff | blob | history
tests/Entity/PageContentTest.php diff | blob | history
The core source code for the BookStack project.