fix: sanitize SVG#41234
Conversation
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
|
| "phpseclib/phpseclib": "^3.0", | ||
| "pimple/pimple": "^3.5", | ||
| "punic/punic": "^3.8", | ||
| "rhukster/dom-sanitizer": "dev-main", |
There was a problem hiding this comment.
Is it possible to pin this specifically to commit: rhukster/dom-sanitizer@757e4d6
There was a problem hiding this comment.
The explicit commit is pinned in compose.lock
There was a problem hiding this comment.
Won't this automatically pull HEAD on every composer install on a fresh system?
There was a problem hiding this comment.
no -composer install operate on the lock file. lock file is updated via composer update
dont get confused with npm .....
| "phpseclib/phpseclib": "^3.0", | ||
| "pimple/pimple": "^3.5", | ||
| "punic/punic": "^3.8", | ||
| "rhukster/dom-sanitizer": "dev-main", |
|
damit - changelog is missing .... will come up with another pr ... |
chore: add changelog item for #41234
2 participants
Description
SVG
xlink:hrefwill now completely be blocked as well as otherimagetag to harden SVG support.Motivation and Context
Harden SVG support
Types of changes
Checklist: