Mercurial > kallithea
annotate MIT-Permissive-License.txt @ 7552:e74aa69f6827 stable
lib: sanitize HTML for all types of README rendering, not only markdown
The repository summary page will display a rendered version of the
repository 'readme' based on its file extension. In commit 5746cc3b3fa5,
the rendered output was already sanitized when the input was markdown.
However, also readmes written in other formats, like ReStructuredText (RST)
or plain text could have content that we want sanitized.
Therefore, move the sanitizing one level up so it covers all renderers, for
now and the future.
This fixes an XSS issue when a repository readme contains javascript code,
which would be executed when the repository summary page is visited by a
user.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
| author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
|---|---|
| date | Sat, 26 Jan 2019 20:27:50 +0100 |
| parents | 08baa849c8a8 |
| children |
| rev | line source |
|---|---|
|
4119
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
1 Permission is hereby granted, free of charge, to any person obtaining a copy |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
2 of this software and associated documentation files (the "Software"), to deal |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
3 in the Software without restriction, including without limitation the rights |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
4 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
5 copies of the Software, and to permit persons to whom the Software is |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
6 furnished to do so, subject to the following conditions: |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
7 |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
8 The above copyright notice and this permission notice shall be included in |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
9 all copies or substantial portions of the Software. |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
10 |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
12 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
14 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
15 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
16 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
08baa849c8a8
Add MIT-Permissive-License.txt
Bradley M. Kuhn <bkuhn@sfconservancy.org>
parents:
diff
changeset
|
17 SOFTWARE. |