changeset 4827:8d76245daefa

feed: urlify and escape the commit description This prevents HTML injections and also makes URLs clickable.
author Andrew Shadura <andrew@shadura.me>
date Wed, 11 Feb 2015 20:38:12 +0100
parents 2346f7b1b82a
children 98d235e28078
files kallithea/controllers/feed.py
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
--- a/kallithea/controllers/feed.py	Thu Feb 19 00:00:40 2015 +0100
+++ b/kallithea/controllers/feed.py	Wed Feb 11 20:38:12 2015 +0100
@@ -107,7 +107,7 @@
         desc_msg.append('changeset: <a href="%s">%s</a>' % (_url, cs.raw_id[:8]))
 
         desc_msg.append('<pre>')
-        desc_msg.append(cs.message)
+        desc_msg.append(h.urlify_text(cs.message))
         desc_msg.append('\n')
         desc_msg.extend(changes)
         if self.include_diff:
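Review bot: `changes` on the `desc_msg.extend(changes)` line, and whatever is appended under `if self.include_diff:`, still enter the same `<pre>` block with no escaping visible in this hunk, so file names or diff text taken from the repository could carry markup into the feed just as the commit message did. Both are built outside the hunk, so this needs checking where they are assembled; if they are plain text, they should be escaped there with the escaping helper the project already uses. The call site also hides that the escaping happens inside `h.urlify_text`, so a comment such as `# urlify_text() HTML-escapes before linkifying; cs.message is repository-controlled` would help. A feed test that uses a commit message containing markup would keep a later refactor from undoing it. The enclosing method starts and ends outside the hunk.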