mirror of
https://github.com/discourse/discourse.git
synced 2025-05-28 23:49:34 +08:00
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
This commit is contained in:

committed by
GitHub

parent
5077cf52fd
commit
e0d9232259
@ -29,7 +29,7 @@ There are 3 main scenarios we protect against:
|
||||
|
||||
3. **CSP is on by default** for [all Discourse installations](https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243) as of Discourse 2.2. It can be switched off in the site settings, but it is default on.
|
||||
|
||||
On the server side we run a whitelist based sanitizer, implemented using the [Sanitize gem](https://github.com/rgrove/sanitize). See the [relevant Discourse code](https://github.com/discourse/discourse/blob/master/lib/pretty_text.rb).
|
||||
On the server side we run a allowlist based sanitizer, implemented using the [Sanitize gem](https://github.com/rgrove/sanitize). See the [relevant Discourse code](https://github.com/discourse/discourse/blob/master/lib/pretty_text.rb).
|
||||
|
||||
In addition, titles and all other places where non-admins can enter code are protected either using the Handlebars library or standard Rails XSS protection.
|
||||
|
||||
|
Reference in New Issue
Block a user