issue-trackers: bleach.clean the url entry to avoid JS injections.
marcink -
r2444:a18c6a2f default
@@ -23,6 +23,7 b' import hashlib'
23 23 import logging
24 24 from collections import namedtuple
25 25 from functools import wraps
26 import bleach
26 27
27 28 from rhodecode.lib import caches
28 29 from rhodecode.lib.utils2 import (
@@ -344,10 +345,14 b' class IssueTrackerSettingsModel(object):'
344 345 # populate
345 346 for uid in issuetracker_entries:
346 347 issuetracker_entries[uid] = AttributeDict({
347 'pat': qs.get(self._get_keyname('pat', uid, 'rhodecode_')),
348 'url': qs.get(self._get_keyname('url', uid, 'rhodecode_')),
349 'pref': qs.get(self._get_keyname('pref', uid, 'rhodecode_')),
350 'desc': qs.get(self._get_keyname('desc', uid, 'rhodecode_')),
348 'pat': qs.get(
349 self._get_keyname('pat', uid, 'rhodecode_')),
350 'url': bleach.clean(
351 qs.get(self._get_keyname('url', uid, 'rhodecode_')) or ''),
352 'pref': qs.get(
353 self._get_keyname('pref', uid, 'rhodecode_')),
354 'desc': qs.get(
355 self._get_keyname('desc', uid, 'rhodecode_')),
351 356 })
352 357 return issuetracker_entries
353 358
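Review bot: `bleach.clean` on the `'url'` value (new lines 350-351) strips or escapes HTML markup but does not look at the URL scheme, so a value that contains no tags, for example one starting with `javascript:`, comes back unchanged and would still be active if the tracker URL is later written into an `href` (the rendering code is not visible here). An allow-list on the scheme at this point would close that, e.g. `if not url.lower().startswith(('http://', 'https://')): url = ''` after reading the value into a local. Separately, `bleach.clean` HTML-escapes a bare `&`, so a URL with several query parameters is stored with `&amp;` and may end up double-escaped if the template escapes it again; validating the scheme here and escaping only at output avoids that. The enclosing method of `IssueTrackerSettingsModel` starts above the hunk, so how `qs` is built is not shown.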