Mercurial > kallithea
diff pytest.ini @ 8500:48b9fdef5e7f stable
repo_groups: extra escape of names when used in select drop-downs
The lack of escaping could be a problem *if* it was possible to create repo
groups with dangerous names.
This was seen for example when specifying parent group of repos and repo
groups.
We want to keep groups_choices as HTML literals so paths can use » as
separator.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Wed, 11 Nov 2020 17:03:40 +0100 |
parents | afa5e0bdb76f |
children |