mirror of https://github.com/yu-i-i/overleaf-cep.git
synced 2026-05-25 02:00:10 +02:00
When showing system-messages, use the default Angular sanitizer. Also, on the admin panel itself, show the verbatim text of the message. This solves a mild Stored-XSS vulnerability whereby a user could put `<script>` tags in a message. We don't want that, but we do want to be able to use basic HTML tags.