Merge branch 'main' into issue-OWASP-BLT#1515

Author: DonnieBLT

poetry.lock

@@ -53,7 +53,7 @@ django-tz-detect = "^0.4.0"
 django-tellme = "^0.7.3"
 django-bootstrap-datepicker-plus = "^5.0.4"
 django-star-ratings = "^0.9.2"
-stripe = "^7.0.0"
+stripe = "^7.2.0"
 django-environ = "^0.11.2"
 django-humanize = "^0.1.2"
 drf-yasg = "^1.20.0"
@@ -62,7 +62,7 @@ django-filter = "^22.1"
 webdriver-manager = "^4.0.1"
 pillow = "^10.1.0"
 chromedriver-autoinstaller = "^0.6.2"
-sentry-sdk = "^1.32.0"
+sentry-sdk = "^1.33.1"
 
 [tool.poetry.dev-dependencies]
 black = "^22.3.0"

pyproject.toml

@@ -5846,7 +5846,7 @@ p.date-in, span.date-on{
 .tile-progress {
   padding: 15px;
 }
-i.fa.fa-facebook, i.fa.fa-twitter, i.fa.fa-google-plus, i.fa.fa-dribbble, i.fa.fa-linkedin, i.fa.fa-youtube, i.fa.fa-skype, i.fa.fa-flickr{
+i.fa.fa-facebook, i.fa.fa-x-twitter, i.fa.fa-google-plus, i.fa.fa-dribbble, i.fa.fa-linkedin, i.fa.fa-youtube, i.fa.fa-skype, i.fa.fa-flickr{
   font-size: 30px;
 }
 h3.count.text-light {

website/static/css/style-dashboard.css

@@ -786,7 +786,7 @@
                 }
             }
             if ($query.length > 0 && (query_content = $query.attr('data-atwho-at-query'))) {
-                $query.empty().html(query_content).attr('data-atwho-at-query', null);
+                $query.empty().text(query_content).removeAttr('data-atwho-at-query');
                 this._setRange('after', $query.get(0), range);
             }
             _range = range.cloneRange();

website/static/js/jquery.atwho.js

@@ -520,7 +520,8 @@ function sanitizeSelector(selector) {
     var clickHandler = function (e) {
         var href
         var $this = $(this)
-        var $target = $($this.attr('data-target') || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7
+        var $target = $($(sanitizeSelector($this.attr('data-target'))) || ((href = sanitizeSelector($this.attr('href'))) && href.replace(/.*(?=#[^\s]+$)/, '')));
+        
         if (!$target.hasClass('carousel')) return
         var options = $.extend({}, $target.data(), $this.data())
         var slideIndex = $this.attr('data-slide-to')
@@ -1575,7 +1576,7 @@ function sanitizeSelector(selector) {
 
     Tooltip.prototype.setContent = function () {
         var $tip = this.tip()
-        var title = this.getTitle()
+        var title = escapeHTML(this.getTitle())
 
         $tip.find('.tooltip-inner')[this.options.html ? 'html' : 'text'](title)
         $tip.removeClass('fade in top bottom left right')

website/static/vendor/bootstrap/js/bootstrap.js

@@ -33,7 +33,7 @@
                 >
                 <a href="{{contributor.twitter}}" target="_blank" rel="noopener noreferrer">
                     <i
-                    class="scale-150 m-3 fa-brands fa-twitter fa-lg cursor-pointer transition duration-100 hover:text-red-500"
+                    class="scale-150 m-3 fa-brands fa-x-twitter fa-lg cursor-pointer transition duration-100 hover:text-red-500"
                     ></i>
                 </a>
                 <a href="{{contributor.linkedin}}" target="_blank" rel="noopener noreferrer">
@@ -53,4 +53,4 @@
       </div>
     </div>
   </section>
-{% endblock %}
+{% endblock %}