hipchat: escape user entered data to avoid xss/formatting problems
dan -
r934:3d0f257a default
@@ -161,7 +161,7 b' class HipchatIntegrationType(Integration'
161 comment_text = data['comment']['text']
161 comment_text = data['comment']['text']
162 if len(comment_text) > 200:
162 if len(comment_text) > 200:
163 comment_text = '{comment_text}<a href="{comment_url}">...<a/>'.format(
163 comment_text = '{comment_text}<a href="{comment_url}">...<a/>'.format(
164 comment_text=comment_text[:200],
164 comment_text=h.html_escape(comment_text[:200]),
165 comment_url=data['comment']['url'],
165 comment_url=data['comment']['url'],
166 )
166 )
167
167
@@ -179,8 +179,8 b' class HipchatIntegrationType(Integration'
179 number=data['pullrequest']['pull_request_id'],
179 number=data['pullrequest']['pull_request_id'],
180 pr_url=data['pullrequest']['url'],
180 pr_url=data['pullrequest']['url'],
181 pr_status=data['pullrequest']['status'],
181 pr_status=data['pullrequest']['status'],
182 pr_title=data['pullrequest']['title'],
182 pr_title=h.html_escape(data['pullrequest']['title']),
183 comment_text=comment_text
183 comment_text=h.html_escape(comment_text)
184 )
184 )
185 )
185 )
186
186
@@ -193,7 +193,7 b' class HipchatIntegrationType(Integration'
193 number=data['pullrequest']['pull_request_id'],
193 number=data['pullrequest']['pull_request_id'],
194 pr_url=data['pullrequest']['url'],
194 pr_url=data['pullrequest']['url'],
195 pr_status=data['pullrequest']['status'],
195 pr_status=data['pullrequest']['status'],
196 pr_title=data['pullrequest']['title'],
196 pr_title=h.html_escape(data['pullrequest']['title']),
197 )
197 )
198 )
198 )
199
199
@@ -210,7 +210,7 b' class HipchatIntegrationType(Integration'
210 user=data['actor']['username'],
210 user=data['actor']['username'],
211 number=data['pullrequest']['pull_request_id'],
211 number=data['pullrequest']['pull_request_id'],
212 url=data['pullrequest']['url'],
212 url=data['pullrequest']['url'],
213 title=data['pullrequest']['title'],
213 title=h.html_escape(data['pullrequest']['title']),
214 action=action
214 action=action
215 )
215 )
216
216
@@ -238,7 +238,7 b' class HipchatIntegrationType(Integration'
238 def format_repo_create_event(self, data):
238 def format_repo_create_event(self, data):
239 return '<a href="{}">{}</a> ({}) repository created by <b>{}</b>'.format(
239 return '<a href="{}">{}</a> ({}) repository created by <b>{}</b>'.format(
240 data['repo']['url'],
240 data['repo']['url'],
241 data['repo']['repo_name'],
241 h.html_escape(data['repo']['repo_name']),
242 data['repo']['repo_type'],
242 data['repo']['repo_type'],
243 data['actor']['username'],
243 data['actor']['username'],
244 )
244 )
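Review bot: The escape added at line 183 (`comment_text=h.html_escape(comment_text)`) is applied to a value that, for comments longer than 200 characters, was already escaped and wrapped in an `<a href>` anchor at lines 163–165, so the anchor would be escaped to literal `&lt;a href=...&gt;` text and the truncated comment double-escaped — assuming lines 167–178 (not shown) do not reassign `comment_text`. Escape once where the raw text is consumed: keep the escape in the truncation branch, add `else: comment_text = h.html_escape(comment_text)` after the `if`, and revert line 183 to `comment_text=comment_text`. The same templates still interpolate `data['actor']['username']`, `repo_type`, `pr_status` and the `url` fields unescaped inside HTML; if any of those can carry user-chosen characters (usernames in particular), they need the same treatment, otherwise a short comment stating they are trusted server-generated values would stop the next reader from re-raising this. Separately, `...<a/>` on line 163 is not a closing tag and should be `...</a>`. The enclosing methods for the first four hunks begin outside the visible lines.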