Mercurial > p > roundup > code
annotate roundup/anypy/ssl_.py @ 8356:63390dcfcfe9
bug: fix template use of structure with untrusted data
Looks like an xSS bug with an early version of the template that was
fixed in the code but never in the deployed tracker. It has been a
while since this particular construct has been in the classic template
which is the base for the tracker.
This has been fixed on the deployed tracker as well.
reported by 4bug of ChaMd5 Security Team H1 Group
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 08 Jul 2025 10:23:09 -0400 |
| parents | d5d7ecd31864 |
| children |
| rev | line source |
|---|---|
|
6582
3e8f2104753b
issue2551186 - replace socket.sslerror in mailgw.py.
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
1 try: |
|
3e8f2104753b
issue2551186 - replace socket.sslerror in mailgw.py.
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
2 # Python 3+ |
|
3e8f2104753b
issue2551186 - replace socket.sslerror in mailgw.py.
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
3 from ssl import SSLError |
|
3e8f2104753b
issue2551186 - replace socket.sslerror in mailgw.py.
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
4 except (ImportError, AttributeError): |
|
3e8f2104753b
issue2551186 - replace socket.sslerror in mailgw.py.
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
5 # Python 2.5-2.7 |
|
7767
d5d7ecd31864
chore: sort imports w/ ruff.
John Rouillard <rouilj@ieee.org>
parents:
7228
diff
changeset
|
6 from socket import sslerror as SSLError # noqa: F401 |