Homec4science
Diffusion invenio-infoscience ba792db7c3ac

Fixed XSS problems: now webmessage module correctly escapes HTML, permitting…
ba792db7c3ac
Actions

Authored by Gregory Favre <gregory.favre@cern.ch> on Nov 22 2006, 16:24.

Description

Fixed XSS problems: now webmessage module correctly escapes HTML, permitting use of some specific tags (e.g. links). Removed references to cgi.escape (now uses miscutil.htmlutils' escape_html function). Refactored code (unused imports, line lengths, etc.).

Details

Committed
Gregory Favre <gregory.favre@cern.ch>Nov 22 2006, 16:24
Parents
R3600:4cf4d21e7ac7: Suppressed references to miscutil.urlutils a_href function (used…
Branches
Unknown
Tags
Unknown

Event Timeline

Gregory Favre <gregory.favre@cern.ch> committed R3600:ba792db7c3ac: Fixed XSS problems: now webmessage module correctly escapes HTML, permitting… (authored by Gregory Favre <gregory.favre@cern.ch>).Nov 22 2006, 16:24

Changes (4)

Path
Mmodules/webmessage/lib/webmessage.py
Mmodules/webmessage/lib/webmessage_mailutils.py
Mmodules/webmessage/lib/webmessage_templates.py
Mmodules/webmessage/lib/webmessage_webinterface.py

R3600:ba792db7c3ac

View Options

modules/webmessage/lib/webmessage.py

Loading...
View Options

modules/webmessage/lib/webmessage_mailutils.py

Loading...
View Options

modules/webmessage/lib/webmessage_templates.py

Loading...
View Options

modules/webmessage/lib/webmessage_webinterface.py

Loading...
c4science · Help