rhodecode-enterprise-ce Commit - r4652:9012cc2f

pull-requests: fixed some xss problems with odd filenames.

milka -

r4652:9012cc2f default

parent child

rhodecode/public/js/src/rhodecode/comments.js

0 +1 -1

                       // There aren't any comments, we init the `.inline-comments` with `reply-thread-container` first
                       if ($comments.length===0) {
-                        var replBtn = '<button class="cb-comment-add-button" onclick="return Rhodecode.comments.createComment(this, \'{0}\', \'{1}\', null)">Reply...</button>'.format(f_path, line_no)
+                        var replBtn = '<button class="cb-comment-add-button" onclick="return Rhodecode.comments.createComment(this, \'{0}\', \'{1}\', null)">Reply...</button>'.format(escapeHtml(f_path), line_no)
                         var $reply_container = $('#cb-comments-inline-container-template')
                         $reply_container.find('button.cb-comment-add-button').replaceWith(replBtn);
                         $td.append($($reply_container).html());

rhodecode/templates/ejs_templates/templates.html

0 +1 -1

                             <%= version_info %>
                         <% } %>
                         <br/>
-                        File: <code><%- file_name -%></code>
+                        File: <code><%= file_name -%></code>
                     <% } else { %>
                         <% if (review_status) { %>
                             <i class="icon-circle review-status-<%= review_status %>"></i>

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages