Mercurial > kallithea
annotate .hgsigs @ 7539:22da5f258118
pullrequests: prevent XSS in 'Potential Reviewers' list when first and last names cannot be trusted
The user information passed to autocompleteFormatter from select2 is the raw
data which might contain HTML markup controlled by the user.
That could cause XSS issues, already when loading a PR page.
To avoid that, make sure autocompleteHighlightMatch always escapes user
information. That makes the user safe as long as a rogue user isn't selected ...
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Wed, 27 Feb 2019 02:23:26 +0100 |
parents | 9b9258f5e2b2 |
children |
rev | line source |
---|---|
5529
1c9c3b0f21ae
Added tag 0.3 for changeset 9b3e9e242f5c
Andrew Shadura <andrew@shadura.me>
1 9b3e9e242f5c97cc0c7657e5ac93dce7de61ca16 0 iQEcBAABAgAGBQJWDuAdAAoJEJ1bI/kYT6UUAlYH/ReCa7Im5tvy+ot5oAc7xey/O2rCVHp2h6i82tTWK/0i9EaS4DP+eTbAjV4WJA4qWF5DPenEJ3X9JhrTLNvGkR0f7lUqiFVMTJ472YlSsvIWg38gVFruzwk1cODRfq72o8ERYcRSfzrL4cDpIqjEd/vVVCV/gKVvPmzr4/FED/ZmS0X6T9gxWJo/eWSuLNAxHHtE/pCWDO3XEe+iOm+hHjkyz4Hn2r9/+ucrirnzycH6DnYO/kWvQzBnzgMjJm+1rLZ5cfU89V8zfhv6z0pd8CHZfpKGc2Z8EwVJq9LR+M4/76uDlYXx7IfZAxhRNqN6MC+yvPmDo3382dNr7Wkopi0= |
5757
c92b6787c843
Added tag 0.3.1 for changeset 9bf8eb837e78
Andrew Shadura <andrew@shadura.me>
2 9bf8eb837e785b6856ccfac264e977ce3ebe1535 0 iQEcBAABAgAGBQJW5XaVAAoJEJ1bI/kYT6UUbeMH/AsGg21jTc0tTT+228T+WfrfkbxrPkkULQF/Eo3ChlrhnFZ5B1y7ellSx6XGas7yKpqHHtNmrVwY3KBfUaYEljML/osEt1kvM6JGcd0vDbAW1uA2sdJR2AXmf32MjguFVhmYi9Lj79WYtgg241YGPe4dH0ompNFVqazNxCfmDBZijzSkF57FURMpV2e6+MyNq0txSo9Q82eALy0GAIX7NKQcxtynxG9ETzVzuVpeNE9MEZh0ObbUtPGezd55GXXcVqI8ZEurZwf6KHnd5M+5wxIZf84gM/k4QgQbRiIxNj4QfVmTZlVNSkC7PwSbF8twZPjlAprwldYvMi/c7ZVocEY= |
5813
f40905c3257c
Added tag 0.3.2 for changeset a84d40e9481f
Andrew Shadura <andrew@shadura.me>
3 a84d40e9481fcea4dafadee86b03f0dd401527d6 0 iQEcBAABAgAGBQJXJ4XhAAoJEJ1bI/kYT6UUKaIH/i33ZiT95pWF3pHEftgrZWvMwvz9tAuoHgf7ntkIUPnxfNteXKw8FiKcSQ9f8I41VyML+rqsnBBIfltJknfoqTV+9jNkHwc62OfcqQ3RbBDXQbcSi1CHn2ihJiZadqiKEyUw7JJqOMyWp+AWQyywcF/ea+pwXPJG5A2fd4vnBWHSxhD+6Ig1KipZNORzZY7fAec185M7NOZCZC+5qOLIkoQZaGq+D2Aipx5eZkpgFd4W+0LQY1ywMV5CiOY1OG0mry7l6NfIZvPY9Kiwg37G6ZUi8fhwVvn6Y8UACcAnWunBfKt9PWK0rAgNyJ9HDk/+3S5g6HcNKUb6YRTzEcLshIc= |
6781
9b9258f5e2b2
Added tag 0.3.3 for changeset 64ea7ea09236
Andrew Shadura <andrew@shadura.me>
4 64ea7ea0923618a0c117acebb816a6f0d162bfdb 0 iQEvBAABCAAZBQJZeN4NEhxhbmRyZXdAc2hhZHVyYS5tZQAKCRCdWyP5GE+lFGi/CACBEWfdtZNumWz5LJ6yHbiceEDXZ+9aD44EU3J3VfbRwLeZhQ7J0WwBCFg0qPxh08O+TMaeRP4ur20hczyR6u8fwmIc9KDmNZHujlG0Q6GkNSMizyfJgf/MYJD+03q2Z0S4e9QdPfc746TBZKaqqauV0uVjtd7+m3L4R+Qh5shxBNxshqGGWtMtXpO9iojCJEqxde9RVm+w9NidKdCLGoDlVpJ42iFSrUMeWBnVUMRhOiz6XKUrIPEjUfWMFe0gOR55wZcF3tJo8XBqqqhecI69cmLmkv1xG92V+jC5gTC3STYTASJqXHKEp2cRvUGbHrFF9ODBvcYjj+VsY5r2aU1l |