sjw
/
pleroma
mirror of https://git.pleroma.social/sjw/pleroma.git
1
0
Fork 0
Code Issues Releases Wiki Activity
pleroma/test/web/mastodon_api/views
History
Haelwenn (lanodan) Monnier 1257331291
MastodonAPI.StatusView: Do not use site_name 
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
 		2020-02-15 00:36:09 +01:00
..
account_view_test.exs mastodon API: do not sanitize html in non-html fields 2020-02-02 14:46:32 +03:00
conversation_view_test.exs Mastodon API, streaming: Add `pleroma.direct_conversation_id` to the `conversation` stream event payload. 2019-11-04 18:36:16 +03:00
list_view_test.exs Bump copyright years of files changed in 2019 2019-09-18 23:21:11 +02:00
marker_view_test.exs add Markers /api/v1/markers 2019-10-17 15:26:59 +03:00
notification_view_test.exs EmojiReactions: Rename to EmojiReacts 2020-02-06 18:09:57 +01:00
poll_view_test.exs Extract poll actions from `MastodonAPIController` to `PollController` 2019-10-01 11:44:34 +07:00
push_subscription_view_test.exs Bump copyright years of files changed in 2019 2019-09-18 23:21:11 +02:00
scheduled_activity_view_test.exs Bump copyright years of files changed in 2019 2019-09-18 23:21:11 +02:00
status_view_test.exs MastodonAPI.StatusView: Do not use site_name 2020-02-15 00:36:09 +01:00