mirror of
https://github.com/paperless-ngx/paperless-ngx.git
synced 2026-07-02 18:24:17 +00:00
Merge commit from fork
* Security: prevent XSS with storage path template rendering * Security: prevent XSS svg uploads * Security: force attachment disposition for logo * Add suggestions from code review * Improve SVG validation with allowlist for tags and attributes
This commit is contained in:
@@ -0,0 +1,4 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
|
||||
<text x="10" y="20">Hello</text>
|
||||
<script>alert('XSS')</script>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 140 B |
Reference in New Issue
Block a user