squeegily/pleroma
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1257331291
pleroma/test/web
History
Haelwenn (lanodan) Monnier 1257331291
MastodonAPI.StatusView: Do not use site_name 
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
2020-02-15 00:36:09 +01:00
..
activity_pub Merge branch 'cancel-follow-request' into 'develop' 2020-02-07 16:10:43 +00:00
admin_api removing confusing error 2020-02-06 12:50:36 +03:00
auth
common_api Fix the confusingly named and inverted logic of "no_attachment_links" 2020-02-11 15:39:19 -06:00
feed fix test 2020-01-27 21:20:33 +03:00
instances
mastodon_api MastodonAPI.StatusView: Do not use site_name 2020-02-15 00:36:09 +01:00
media_proxy
metadata fixed Metadata.Utils.scrub_html_and_truncate 2020-01-03 16:28:13 +03:00
mongooseim
oauth updated error messages for authentication process 2020-01-17 15:01:37 +03:00
ostatus OStatus controller: don't serve json at /notice/, redirect instead 2019-11-25 17:55:17 +03:00
pleroma_api/controllers EmojiReactions: Remove old API endpoints 2020-02-07 15:01:45 +01:00
plugs
push added privacy option to push notifications 2019-11-28 22:13:11 +03:00
rich_media Revert "Merge branch 'feat/floki-fasthtml' into 'develop'" 2020-02-11 16:55:18 +00:00
static_fe Support redirecting by activity UUID in static FE as well. 2019-11-13 08:22:11 -08:00
streamer Merge branch 'fix-streaming-reblog' of git.pleroma.social:pleroma/pleroma into fix-streaming-reblog 2020-01-29 11:52:24 +01:00
twitter_api Restore TwitterAPI tests 2020-02-12 00:51:05 +04:00
views
web_finger kill almost all of the OStatus module 2019-10-18 14:50:09 +00:00
chat_channel_test.exs ChatChannel: Ignore messages that are too long. 2019-12-04 12:48:34 +01:00
fallback_test.exs
federator_test.exs Merge remote-tracking branch 'remotes/upstream/develop' into 1304-user-info-deprecation 2019-10-20 20:43:18 +03:00
masto_fe_controller_test.exs [#2068] Introduced proper OAuth tokens usage to controller tests. 2019-12-19 17:23:27 +03:00
node_info_test.exs moved Pleroma.Stats to Oban Periodic jobs 2019-11-26 10:54:30 +03:00
rel_me_test.exs add missing tesla mocks 2019-11-04 15:18:32 +00:00
uploader_controller_test.exs