-
I am having trouble figuring out how to solve this case, but the fact is that when I configure apostrophe-express to not save sessions and set the disableAnonSession: true on the csrf token, the local…
-
PLEASE NOTE: make sure the bug exists in the latest patch level of the project. For instance, if you are running a 2.x version of Apostrophe, you should use the latest in that major version to confirm…
-
## To Reproduce
```
var sanitizeHtml = require('./src');
var stripHtml = html => sanitizeHtml(html, { allowedTags: [], allowedAttributes: {} });
test = '> < & & "';
console.log(stripHtml(test));
…
```
-
## To Reproduce
Step by step instructions to reproduce the behavior:
1. Set your terminal to use Node 14.
2. Do a fresh install of A3
3. In a linked project, create a new user with `node app @…
-
Vulnerable module: `sanitize-html`
Introduced through: sanitize-html@1.18.4
No known exploit
Fixed in: 2.0.0-beta
**Detailed paths**
Introduced through: fec-cms@1.0.0 › sanitize-html@1.18.4
…
-
Spammers are putting their website links in collective's long descriptions, comments and conversations to get an SEO boost. A way to increase our security and to cut the grass under their feet would be…
-
I can't see an easy way to strip out only `script` elements, for example, without making a huge array of every other element name in the world. Is there a way to do this?
-
In the Readme of the attached project you will find the explanation of how to reproduce this error.
Also you can test it in this URL (https://sgdv-congress.apos0.swiss4ward.com/), which credentials ar…
-
--------------------
### Awesome_Bot link checks
* [x] Line 446: http://fluxbb.org/, Failed to open TCP connection to fluxbb.org:80 (Connection refused - connect(2) for "fluxbb.org" port 80)
* …
n8225 updated
3 years ago
-
Winston 2.x doesn't work with Node 14.x and thus breaks this tool.
https://github.com/winstonjs/winston/issues/1797
```
Apostrophe create-project Failed
(node:75963) Warning: Accessing non…