bug / pagure

Clone
Source Code
GIT

773db5 Escape html in author name

1 file Authored by Michael Scherer 5 years ago , Committed by Pierre-Yves Chibon 5 years ago ,
raw patch tree parent
1 file changed. 3 lines added. 2 lines removed.
pagure/ui/filters.py
file modified
+3 -2 
    Escape html in author name
    
    Prevent XSS by using a crafted author name with html and javascript
    later on the commit page, since that is marked as safe and so not escaped
    
    Another fix for CVE-2018-1002155
    
    Signed-off-by: Michael Scherer <misc@redhat.com></misc@redhat.com>
file modified
+3 -2

Powered by Pagure 5.7.4

SSH Hostkey/Fingerprint | Documentation | About

© 2014-2019 Red Hat, Inc. and others.

Logo by Pavel Lashutin