nuke/lib at d40e9056bc75dec24b45b2892037b62f6e5a1428 - sophie/nuke - git.sad.ovh

History

Xe Iaso d40e9056bc fix(lib): block XSS attacks via nonstandard URLs (#904 ) * fix(lib): block XSS attacks via nonstandard URLs This could allow an attacker to craft an Anubis pass-challenge URL that forces a redirect to nonstandard URLs, such as the `javascript:` scheme which executes arbitrary JavaScript code in a browser context when the user clicks the "Try again" button. Release-status: cut Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>		2025-07-24 14:05:00 +00:00
..
challenge	feat(lib): use new challenge creation flow (#749 )	2025-07-04 20:42:28 +00:00
localization	feat(localization): Add in Bokmål and Nynorsk translations (#855 )	2025-07-21 22:37:49 -04:00
policy	feat(expressions): add missingHeader function to bot environment (#870 )	2025-07-20 19:09:29 -04:00
store	fix broken bbolt database cleanup process (#848 ) (#848 )	2025-07-18 13:51:32 -04:00
testdata	fix(config): actually load threshold config (#696 )	2025-06-19 17:13:01 -04:00
anubis.go	fix(lib): block XSS attacks via nonstandard URLs (#904 )	2025-07-24 14:05:00 +00:00
anubis_test.go	fix(lib): block XSS attacks via nonstandard URLs (#904 )	2025-07-24 14:05:00 +00:00
config.go	fix: make ogtags and dnsbl use the Store instead of memory (#760 )	2025-07-05 16:17:46 -04:00
config_test.go	fix(config): actually load threshold config (#696 )	2025-06-19 17:13:01 -04:00
http.go	fix: race conditions, cookie logic, and the try again button (#833 )	2025-07-15 00:54:08 +00:00
http_test.go	fix: Dynamic cookie domain not working (#731 )	2025-06-29 15:38:55 -04:00