tonyair/silverstripe-comments
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-comments synced 2024-06-26 06:29:36 +02:00
Code Issues Projects Releases Wiki Activity
747d4f4402
silverstripe-comments/src
History
Simon Gow 747d4f4402 Prevent storing formdata to cookies. 
- XSS an be stored in a cookie and potentially abused in other ways, so
to prevent this we need to use session instead. This requires the user
to have a session with silverstripe, but this is better than saving
potentially malicious content in cookies. (Also some cookies have
limited length).

@see https://github.com/silverstripe/silverstripe-comments/issues/263
2018-09-20 14:53:35 +12:00
..
Admin FIX Comment admin form should fill height 2018-08-27 14:36:44 +12:00
Controllers [SS-2018-015] Update jQuery version, remove entwine from frontend use 2018-05-29 11:40:18 +12:00
Extensions [SS-2018-015] Update jQuery version, remove entwine from frontend use 2018-05-29 11:40:18 +12:00
Forms Prevent storing formdata to cookies. 2018-09-20 14:53:35 +12:00
Model BUGFIX created way of knowing whether user has permission to post 2018-07-03 11:00:40 +12:00
Tasks Remove deprecated@2.0. Update Migrate task to check table name. Minor tweaks to class names. Use Director::absoluteURL. 2017-01-17 17:39:06 +13:00