From 6612cde832cee90b033317f17c57cc9f2f68b0a2 Mon Sep 17 00:00:00 2001 From: Bernhard Posselt Date: Tue, 11 Feb 2014 16:05:50 +0100 Subject: fix XSS when importing articles, speed up update and adding of feeds by only purifying content that will be added to the db --- CHANGELOG | 2 ++ 1 file changed, 2 insertions(+) (limited to 'CHANGELOG') diff --git a/CHANGELOG b/CHANGELOG index 2612a65bb..4993f2ffa 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,7 @@ owncloud-news (1.806) * Disable simple pie sanitation (we use HtmlPurifier) to speed up update +* Only purify articles if they will be added to the database +* Fix XSS vulnerability that was caused by not purifing the body of imported articles owncloud-news (1.805) * Hide editing tools in invalid feed dialog -- cgit v1.2.3
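Review bot: In the 1.806 block, the added entry "* Fix XSS vulnerability that was caused by not purifing the body of imported articles" misspells "purifying", and as the only security fix in this release it sits last, below two performance notes. Suggest correcting the spelling and moving it to the top of the 1.806 list so administrators scanning the changelog see it first. The two new entries also interact: "Only purify articles if they will be added to the database" narrows where purification runs, while the XSS came from a path that skipped it, so the entry would be clearer if it stated that imported article bodies are now purified before they are stored. This view is limited to CHANGELOG, so the code that enforces that is not visible here.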