global: fix standard flash messages security

Authored by Nicolas Harraudeau <nicolas.harraudeau@cern.ch> on Aug 31 2015, 09:36.

Description

  • SECURITY Fixes potential XSS issues by changing main flash messages template so that they are not displayed as safe HTML by default.
  • NOTE Displaying HTML safe flash messages can be done by using one of these flash contexts: '(html_safe)', 'info(html_safe)', 'danger(html_safe)', 'error(html_safe)', 'warning(html_safe)', 'success(html_safe)' instead of the standard ones (which are the same without '(html_safe)' at the end).

Signed-off-by: Nicolas Harraudeau <nicolas.harraudeau@cern.ch>
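
The behaviour described in the commit message, sketched as an added example (this is not the project's template or code): messages are HTML-escaped unless their flash context ends in '(html_safe)'. The function names, the `alert` markup and the fallback of a bare '(html_safe)' context to `info` are assumptions made for illustration.

```python
from html import escape

# Suffix named in the commit message; a context carrying it opts in to raw HTML.
HTML_SAFE_SUFFIX = "(html_safe)"


def render_flash(category, message):
    """Render one flashed message as an alert <div> (hypothetical markup)."""
    trusted = category.endswith(HTML_SAFE_SUFFIX)
    # Strip the suffix to recover the base context used for styling.
    base = category[:-len(HTML_SAFE_SUFFIX)] if trusted else category
    base = base or "info"  # assumption: bare '(html_safe)' is styled like 'info'
    # Default path: escape, so markup in the message is shown as text.
    body = message if trusted else escape(message, quote=True)
    return '<div class="alert alert-{}">{}</div>'.format(
        escape(base, quote=True), body
    )


def render_all(flashed):
    """Render a list of (category, message) pairs, one alert per line."""
    return "\n".join(render_flash(c, m) for c, m in flashed)


# Constructed sample input, not taken from the project.
SAMPLE = [
    # Message that echoes request data: must use a standard context.
    ("error", "No record for <script>alert(1)</script>"),
    # Static, developer-written markup: the only case for an html_safe context.
    ("info(html_safe)", 'See <a href="/help">help</a>'),
    ("warning", "Quota at 90%"),
]

if __name__ == "__main__":
    print(render_all(SAMPLE))
```

Any call site that previously relied on HTML in a standard context will now show the markup as literal text, so each one has to be reviewed before it is moved to an '(html_safe)' context: only messages built entirely from static strings qualify.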

Details

Committed
Nicolas Harraudeau <nicolas.harraudeau@cern.ch>, Aug 31 2015, 16:31
Parents
R3600:ad1af82a9606: tags: PEP8 code style improvements
Branches
Unknown
Tags
Unknown

Event Timeline

Nicolas Harraudeau <nicolas.harraudeau@cern.ch> committed R3600:ecb6d6e79282: global: fix standard flash messages security (authored by Nicolas Harraudeau <nicolas.harraudeau@cern.ch>). Aug 31 2015, 16:31