pagure

Clone

98525e5 Escape html in author name

1 file Authored by Michael Scherer 5 years ago, Committed by pingou 5 years ago,
raw patch tree parent
1 file changed. 3 lines added. 2 lines removed.
pagure/ui/filters.py
file modified
+3 -2 
    Escape html in author name
    
    Prevent XSS by using a crafted author name with html and javascript
    later on the commit page, since that is marked as safe and so not escaped
    
    Another fix for CVE-2018-1002155
    
    Signed-off-by: Michael Scherer <misc@redhat.com>
file modified
+3 -2
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.