At the moment, we are calling `sanitize(data)` in the filter chain (at least) twice: in the actual `Sanitize` filter, and inside the `Macro` filter, to counter an exploit discovered a while ago by @yy0931 (see #402). We can try to make this more efficient by moving the `Sanitize` filter to earlier in the filter chain, so that it is executed after all the other steps. It's possible that this ends up breaking something for some users, if the `Sanitize` filter is overzealous and also removes some things we forgot to whitelist. But if the test suites pass, it's worth finding out I think. :)
We should also be sure to guard explicitly against the exploit, but I think the test included in #402 should suffice for that.