view MANIFEST.in @ 8499:df930758dcf7 stable
repos: extra HTML escaping of repo and repo group names shown in DataTables

These names will already have been "slugged" and can thus not contain anything
that can be used for any attack. But let's be explicitly safe and escape them
anyway.

raw_name without escaping would cause XSS *if* it was possible to create unsafe
repo names.

just_name must be escaped in order to make search work correctly - for example
if searching for '<' ... *if* it was possible for names to contain that.

author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Wed, 11 Nov 2020 16:45:42 +0100 |
parents | 97c5e6ac5c75 |
children | 495dea7c2a13 |
include .coveragerc
include .eslintrc.js
include Apache-License-2.0.txt
include CONTRIBUTORS
include COPYING
include Jenkinsfile
include LICENSE-MERGELY.html
include LICENSE.md
include MIT-Permissive-License.txt
include README.rst
include conftest.py
include dev_requirements.txt
include development.ini
include pytest.ini
include requirements.txt
include tox.ini
recursive-include docs *
recursive-include init.d *
recursive-include kallithea/alembic *
include kallithea/bin/ldap_sync.conf
include kallithea/lib/paster_commands/template.ini.mako
recursive-include kallithea/front-end *
recursive-include kallithea/i18n *
recursive-include kallithea/public *
recursive-include kallithea/templates *
recursive-include kallithea/tests/fixtures *
recursive-include kallithea/tests/scripts *
include kallithea/tests/models/test_dump_html_mails.ref.html
include kallithea/tests/performance/test_vcs.py
include kallithea/tests/vcs/aconfig
recursive-include scripts *