alyssa
/
pleroma
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
pleroma/lib/pleroma/web/mastodon_api
History
Haelwenn (lanodan) Monnier 1257331291
MastodonAPI.StatusView: Do not use site_name 
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
 		2020-02-15 00:36:09 +01:00
..
controllers Merge branch 'develop' into issue/1383 2020-01-28 20:39:20 +03:00
views MastodonAPI.StatusView: Do not use site_name 2020-02-15 00:36:09 +01:00
mastodon_api.ex Return 404 if account to filter notifications from is not found 2019-12-19 20:45:44 +07:00
websocket_handler.ex Apply suggestion to lib/pleroma/web/mastodon_api/websocket_handler.ex 2019-10-18 04:36:37 +00:00