distraction.party/test/web/mastodon_api
Haelwenn (lanodan) Monnier 1257331291
MastodonAPI.StatusView: Do not use site_name
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
2020-02-15 00:36:09 +01:00
..
controllers Fix status.expires_in validation 2020-02-12 20:20:44 +04:00
views MastodonAPI.StatusView: Do not use site_name 2020-02-15 00:36:09 +01:00
mastodon_api_controller_test.exs [#2068] Introduced proper OAuth tokens usage to controller tests. 2019-12-19 17:23:27 +03:00
mastodon_api_test.exs [#1304] Moved all non-mutes / non-blocks fields from User.Info to User. WIP. 2019-10-16 21:59:21 +03:00