1. 05 Apr, 2021 1 commit
    • Kevin Daudt's avatar
      escape html when outputing highlighted pastes · 37f25ab7
      Kevin Daudt authored
      When highlight mode is enabled with '?hl=true', the paste is embedded
      verbatim in html. This opens a vector for XSS, where html code and
      javascript is rendered as is.
      
      Escape the html using lua-turbos `escape.html_escape` function to close
      this vector.
      
      See #4
      37f25ab7
  2. 19 Jan, 2020 1 commit
  3. 03 Feb, 2018 2 commits
  4. 19 May, 2017 5 commits
  5. 28 Apr, 2017 2 commits
  6. 27 Jul, 2015 1 commit
  7. 22 Jul, 2015 7 commits
  8. 21 Jul, 2015 6 commits