MeshCentral/views
Josiah Baldwin 04c96eb2ff
Fix/xss (#6403)
* Fixed filenames not being escaped when editing files

This allowed a possible XSS by naming a file in a particular way on your device.

* Fixed HTML generation in webserver not escaping most things from req.query

This would allow XSS through a very simple phishing attack

* Added HtmlEscape to Mobile default as well

* Added sanitization to SAML redirect and Twitter/Azure
2024-09-26 21:09:34 -07:00
agentinvite.handlebars show separate macos mpkgs in web ui #6308 2024-08-06 15:33:49 +01:00
default-mobile.handlebars Fix/xss (#6403) 2024-09-26 21:09:34 -07:00
default.handlebars Fix/xss (#6403) 2024-09-26 21:09:34 -07:00
download2.handlebars Added BREACH attack mitigation, #4084 2022-06-08 10:47:23 -07:00
download.handlebars Added BREACH attack mitigation, #4084 2022-06-08 10:47:23 -07:00
error404-mobile.handlebars Version 0.9.67 2022-01-10 18:02:19 -08:00
error404.handlebars Added BREACH attack mitigation, #4084 2022-06-08 10:47:23 -07:00
error4042.handlebars Improved 404 pages to support tight Content-Security-Policy HTTP headers. 2022-01-10 01:26:45 -08:00
invite.handlebars Added BREACH attack mitigation, #4084 2022-06-08 10:47:23 -07:00
login2.handlebars display flash errors for external auths like saml or oidc on the login screen #6154 2024-06-11 20:06:19 +01:00
login-mobile.handlebars display flash errors for external auths like saml or oidc on the login screen #6154 2024-06-11 20:06:19 +01:00
login.handlebars display flash errors for external auths like saml or oidc on the login screen #6154 2024-06-11 20:06:19 +01:00
message2.handlebars Added BREACH attack mitigation, #4084 2022-06-08 10:47:23 -07:00
message.handlebars Added BREACH attack mitigation, #4084 2022-06-08 10:47:23 -07:00
messenger.handlebars fix webrtcconfig and allow stun servers #6309 2024-09-03 13:42:06 +01:00
mstsc.handlebars Added BREACH attack mitigation, #4084 2022-06-08 10:47:23 -07:00
player.handlebars fix player text align 2023-10-24 11:10:47 +01:00
sharing-mobile.handlebars fix webrtc file upload maybe #6309 2024-09-03 14:46:25 +01:00
sharing.handlebars add new line break feature to file edit #6365 2024-09-08 20:11:06 +01:00
ssh.handlebars Fixed SSH with xterm.js (#4668) 2022-10-25 09:58:04 -07:00
terms-mobile.handlebars Agent core download and reverse proxy improvements. 2020-11-30 13:20:31 -08:00
terms.handlebars Added BREACH attack mitigation, #4084 2022-06-08 10:47:23 -07:00
xterm.handlebars fix writeUtf8 for ssh player 2023-09-20 19:40:58 +01:00