issue-trackers: fix XSS with description field.
marcink -
r4487:779812b2 default
@@ -1615,7 +1615,7 def _process_url_func(match_obj, repo_na
1615 # named regex variables
1615 # named regex variables
1616 named_vars.update(match_obj.groupdict())
1616 named_vars.update(match_obj.groupdict())
1617 _url = string.Template(entry['url']).safe_substitute(**named_vars)
1617 _url = string.Template(entry['url']).safe_substitute(**named_vars)
1618 desc = string.Template(entry['desc']).safe_substitute(**named_vars)
1618 desc = string.Template(escape(entry['desc'])).safe_substitute(**named_vars)
1619 hovercard_url = string.Template(entry.get('hovercard_url', '')).safe_substitute(**named_vars)
1619 hovercard_url = string.Template(entry.get('hovercard_url', '')).safe_substitute(**named_vars)
1620
1620
1621 def quote_cleaner(input_str):
1621 def quote_cleaner(input_str):
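Review bot: The `escape()` added on line 1618 covers only the configured `entry['desc']` template; the values in `named_vars`, which come from `match_obj.groupdict()`, are substituted after the escape and so reach `desc` unescaped by this line. If those groups are not already escaped upstream (not visible in this hunk), escaping the finished string would cover both sources: `desc = escape(string.Template(entry['desc']).safe_substitute(**named_vars))`. `_url` and `hovercard_url` on lines 1617 and 1619 are built the same way with no escaping here, so it is worth confirming that they are encoded where they are rendered, and that `escape` also encodes quotes if `desc` ends up inside an HTML attribute. `_process_url_func` starts before and continues past this hunk.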