rhodecode-enterprise-ce Commit - r2155:a81b6ebb

security: fix XSS in repo strip view.

ergo -

r2155:a81b6ebb default

parent child

rhodecode/apps/repository/views/repo_strip.py

0 +2 -2

                                 data[i] = {'rev': None, 'commit': h.escape(rp[chset])}
                             else:
                                 data[i] = {'rev': data[i].raw_id, 'branch': data[i].branch,
-                                           'author': data[i].author,
+                                           'author': h.escape(data[i].author),
-                                           'comment': data[i].message}
+                                           'comment': h.escape(data[i].message)}
                         else:
                             break
                     return data

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages