Mercurial > kallithea
diff Apache-License-2.0.txt @ 8500:48b9fdef5e7f stable
repo_groups: extra escape of names when used in select drop-downs
The lack of escaping could be a problem *if* it was possible to create repo
groups with dangerous names.
This was seen for example when specifying parent group of repos and repo
groups.
We want to keep groups_choices as HTML literals so paths can use » as
separator.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Wed, 11 Nov 2020 17:03:40 +0100 |
parents | fd2dff0588bc |
children |