fix: cherry pick security issue fixes (#1432)

* fix: potential "Potentially unsafe external link" of TOS and EMail Links

* fix: "Size computation for allocation may overflow" by limiting aes encrypt to 64MB
Livio Amstutz
2021-03-19 09:10:50 +01:00
committed by GitHub
parent bc7e650089
commit b01f277e4b
5 changed files with 8 additions and 4 deletions


@@ -1,7 +1,7 @@
{{define "footer"}}
<footer>
<span class="fill-space"></span>
<a href="{{t "Footer.TosLink"}}" target="_blank" alt="Privacy Policy">{{t "Footer.TosPrivacyPolicy"}}</a>
<a href="{{t "Footer.TosLink"}}" rel="noopener noreferrer" target="_blank" alt="Privacy Policy">{{t "Footer.TosPrivacyPolicy"}}</a>
<a href="https://docs.zitadel.ch/use" target="_black" alt="Help">{{t "Footer.Help"}}</a>
</footer>
{{end}}
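Review bot: The Help link two lines below the fixed TOS anchor is left without `rel`, and its `target="_black"` looks like a typo for `_blank`. Because `_black` is a named target rather than the `_blank` keyword, the implicit noopener that current browsers apply to `_blank` links presumably does not cover it, so the opened page would keep a `window.opener` handle to the login page. Suggested line: `<a href="https://docs.zitadel.ch/use" rel="noopener noreferrer" target="_blank" alt="Help">{{t "Footer.Help"}}</a>`. Separately, `alt` is not an attribute of `<a>`; `title` or `aria-label` would carry that text to assistive technology.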


@@ -86,7 +86,7 @@
name="register-term-confirmation" required>
<label for="register-term-confirmation">
{{t "Registration.TosConfirm"}}
<a class="tos-link" target="_blank" href="{{t "Registration.TosLink"}}">
<a class="tos-link" target="_blank" href="{{t "Registration.TosLink"}}" rel="noopener noreferrer">
{{t "Registration.TosLinkText"}}
</a>
</label>
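Review bot: The `href` of the TOS anchor is filled from the translation key `Registration.TosLink`, so `rel="noopener noreferrer"` protects the opener but does not constrain where the link may point. The same holds for `RegistrationOrg.TosLink` in the next section and `Footer.TosLink` in the footer. Whether the template engine's URL filtering still applies depends on the type `t` returns, which is not visible in this hunk. A template comment beside the anchor would record the expectation, e.g. `{{/* TosLink is read from the i18n files and must stay an absolute https URL */}}`. The enclosing `<input>` and its container start above the hunk.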


@@ -75,7 +75,7 @@
name="register-term-confirmation" required>
<label class="lgn-label" for="register-term-confirmation">
{{t "RegistrationOrg.TosConfirm"}}
<a class="tos-link" target="_blank" href="{{t "RegistrationOrg.TosLink"}}">{{t "RegistrationOrg.TosLinkText"}}</a>
<a class="tos-link" target="_blank" href="{{t "RegistrationOrg.TosLink"}}" rel="noopener noreferrer">{{t "RegistrationOrg.TosLinkText"}}</a>
</label>
</div>
</div>