Mercurial > kallithea
changeset 4827:8d76245daefa
feed: urlify and escape the commit description
This prevents HTML injections and also makes URLs clickable.
author | Andrew Shadura <andrew@shadura.me> |
---|---|
date | Wed, 11 Feb 2015 20:38:12 +0100 |
parents | 2346f7b1b82a |
children | 98d235e28078 |
files | kallithea/controllers/feed.py |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/controllers/feed.py Thu Feb 19 00:00:40 2015 +0100 +++ b/kallithea/controllers/feed.py Wed Feb 11 20:38:12 2015 +0100 @@ -107,7 +107,7 @@ desc_msg.append('changeset: <a href="%s">%s</a>' % (_url, cs.raw_id[:8])) desc_msg.append('<pre>') - desc_msg.append(cs.message) + desc_msg.append(h.urlify_text(cs.message)) desc_msg.append('\n') desc_msg.extend(changes) if self.include_diff: