rhodecode-enterprise-ce Commit - r4652:9012cc2f

pull-requests: fixed some xss problems with odd filenames.

milka -

r4652:9012cc2f default

parent child

rhodecode/public/js/src/rhodecode/comments.js

0 +1 -1

                        // There aren't any comments, we init the `.inline-comments` with `reply-thread-container` first
                        if ($comments.length===0) {
-                         var replBtn = '<button class="cb-comment-add-button" onclick="return Rhodecode.comments.createComment(this, \'{0}\', \'{1}\', null)">Reply...</button>'.format(f_path, line_no)
+                         var replBtn = '<button class="cb-comment-add-button" onclick="return Rhodecode.comments.createComment(this, \'{0}\', \'{1}\', null)">Reply...</button>'.format(escapeHtml(f_path), line_no)
                          var $reply_container = $('#cb-comments-inline-container-template')
                          $reply_container.find('button.cb-comment-add-button').replaceWith(replBtn);
                          $td.append($($reply_container).html());

rhodecode/templates/ejs_templates/templates.html

0 +1 -1

                              <%= version_info %>
                          <% } %>
                          <br/>
-                         File: <code><%- file_name -%></code>
+                         File: <code><%= file_name -%></code>
                      <% } else { %>
                          <% if (review_status) { %>
                              <i class="icon-circle review-status-<%= review_status %>"></i>

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages