consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,492 Commits 1 Branch 0 Tags
b31f853bc6ad15cb479e958a1ea2acbcf53d5012
Commit Graph

19 Commits

Author SHA1 Message Date
Javi Martín
7bf4e4d611 Sanitize descriptions in the views 
Sanitizing descriptions before saving a record has a few drawbacks:

1. It makes the application rely on data being safe in the database. If
somehow dangerous data enters the database, the application will be
vulnerable to XSS attacks
2. It makes the code complicated
3. It isn't backwards compatible; if we decide to disallow a certain
HTML tag in the future, we'd need to sanitize existing data.

On the other hand, sanitizing the data in the view means we don't need
to triple-check dangerous HTML has already been stripped when we see the
method `auto_link_already_sanitized_html`, since now every time we use
it we sanitize the text in the same line we call this method.

We could also sanitize the data twice, both when saving to the database
and when displaying values in the view. However, doing so wouldn't make
the application safer, since we sanitize text introduced through
textarea fields but we don't sanitize text introduced through input
fields.

Finally, we could also overwrite the `description` method so it
sanitizes the text. But we're already introducing Globalize which
overwrites that method, and overwriting it again is a bit too confusing
in my humble opinion. It can also lead to hard-to-debug behaviour.
 2019-10-21 21:32:02 +02:00
Julian Herrero
129a258f19 Use double quotes in app/views/moderation 2019-03-19 12:16:50 +01:00
Angel Perez
4a6313fed7 Add missing thead & tbody tags on moderation index views 2018-07-03 09:22:42 -04:00
Angel Perez
452d7dd252 Fix page entries information and filter positioning 2018-07-03 09:22:42 -04:00
Alberto Garcia Cabeza
3ec0971b37 Replaces icons i tags for span 2016-03-14 19:32:48 +01:00
Alberto Garcia Cabeza
3752f3a53b Adds foundation 6 🎉 2016-02-26 19:33:33 +01:00
Alberto Garcia Cabeza
058d6f6ffc Fixes moderation tables 2015-09-24 12:55:39 +02:00
Alberto Garcia Cabeza
7dfdce8c07 Improves styles for admin buttons and selects 2015-09-24 12:40:16 +02:00
kikito
3b405f3e29 changes css style name to avoid conflicts 2015-09-22 14:23:11 +02:00
kikito
69e74c4207 Style in comment moderation 2015-09-21 16:12:55 +02:00
kikito
757205a93e Unifies bulk & debates moderation forms in a single one 2015-09-21 15:41:01 +02:00
kikito
79febe7bb8 Adds shared/filter_subnav partial to DRY filters 2015-09-02 13:39:27 +02:00
kikito
ebacc8c9c7 Uses has_filters in all controllers with filters & renames @filter to @current_filter 2015-09-02 13:21:46 +02:00
kikito
a7929c607d adds a helper to simplify the way selects and filters are rendered 2015-08-28 20:07:45 +02:00
kikito
cd982768f2 Renames the "archive" action to "ignore_flag" (+) 
* archived_at -> ignored_flag_at
* archived? -> ignored_flag?
* archive -> ignore_flag
* pending -> pending_flag_review
* archived (scope) -> with_ignored_flag
* I18n changes
 2015-08-27 11:43:58 +02:00
kikito
909dfb4ce3 Several renamings 
InappropiateFlag -> Flag
x.flag_as_inappropiate -> x.flag
x.undo_flag_as_inappropiate -> x.unflag
X.flagged_as_inappropiate -> x.flagged
flag-as-inappropiate-actions views & css -> flag-actions views & css
 2015-08-27 10:48:49 +02:00
kikito
6110284356 removes all references to "review" (replaced by "archive") 2015-08-26 13:48:57 +02:00
Alberto Garcia Cabeza
8037a82fef Adds styles to moderation admin 2015-08-25 15:19:54 +02:00
kikito
5eeaa7d189 implements /moderation/debates 2015-08-22 23:20:55 +02:00